Bug Summary

File:build-scan/../src/udev/mtd_probe/probe_smartmedia.c
Warning:line 53, column 17
Potential leak of memory pointed to by 'cis_buffer'

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple x86_64-unknown-linux-gnu -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name probe_smartmedia.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model static -mframe-pointer=all -relaxed-aliasing -menable-no-infs -menable-no-nans -menable-unsafe-fp-math -fno-signed-zeros -mreassociate -freciprocal-math -fdenormal-fp-math=preserve-sign,preserve-sign -ffp-contract=fast -fno-rounding-math -ffast-math -ffinite-math-only -mconstructor-aliases -munwind-tables -target-cpu x86-64 -tune-cpu generic -fno-split-dwarf-inlining -debugger-tuning=gdb -resource-dir /usr/lib64/clang/12.0.0 -include config.h -I src/udev/mtd_probe.p -I src/udev -I ../src/udev -I src/basic -I ../src/basic -I src/shared -I ../src/shared -I src/systemd -I ../src/systemd -I src/journal -I ../src/journal -I src/journal-remote -I ../src/journal-remote -I src/nspawn -I ../src/nspawn -I src/resolve -I ../src/resolve -I src/timesync -I ../src/timesync -I ../src/time-wait-sync -I src/login -I ../src/login -I src/libudev -I ../src/libudev -I src/core -I ../src/core -I ../src/libsystemd/sd-bus -I ../src/libsystemd/sd-device -I ../src/libsystemd/sd-hwdb -I ../src/libsystemd/sd-id128 -I ../src/libsystemd/sd-netlink -I ../src/libsystemd/sd-network -I src/libsystemd-network -I ../src/libsystemd-network -I . -I .. -D _FILE_OFFSET_BITS=64 -D LOG_REALM=LOG_REALM_UDEV -internal-isystem /usr/local/include -internal-isystem /usr/lib64/clang/12.0.0/include -internal-externc-isystem /include -internal-externc-isystem /usr/include -Wwrite-strings -Wno-unused-parameter -Wno-missing-field-initializers -Wno-unused-result -Wno-format-signedness -Wno-error=nonnull -std=gnu99 -fconst-strings -fdebug-compilation-dir /home/mrc0mmand/repos/@redhat-plumbers/systemd-rhel8/build-scan -ferror-limit 19 -fvisibility hidden -stack-protector 2 -fgnuc-version=4.2.1 -fcolor-diagnostics -analyzer-output=html -faddrsig -o /tmp/scan-build-2021-07-16-221226-1465241-1 -x c ../src/udev/mtd_probe/probe_smartmedia.c
1/* SPDX-License-Identifier: GPL-2.0+ */
2/*
3 * Copyright © 2010 - Maxim Levitsky
4 *
5 * mtd_probe is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * mtd_probe is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with mtd_probe; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin St, Fifth Floor,
18 * Boston, MA 02110-1301 USA
19 */
20
21#include <errno(*__errno_location ()).h>
22#include <fcntl.h>
23#include <mtd/mtd-user.h>
24#include <stdint.h>
25#include <stdio.h>
26#include <stdlib.h>
27#include <string.h>
28#include <sys/stat.h>
29#include <sys/types.h>
30#include <unistd.h>
31
32#include "alloc-util.h"
33#include "mtd_probe.h"
34
35static const uint8_t cis_signature[] = {
36 0x01, 0x03, 0xD9, 0x01, 0xFF, 0x18, 0x02, 0xDF, 0x01, 0x20
37};
38
39int probe_smart_media(int mtd_fd, mtd_info_t* info) {
40 int sector_size;
41 int block_size;
42 int size_in_megs;
43 int spare_count;
44 _cleanup_free___attribute__((cleanup(freep))) uint8_t *cis_buffer = NULL((void*)0);
45 int offset;
46 int cis_found = 0;
47
48 cis_buffer = malloc(SM_SECTOR_SIZE512);
1
Memory is allocated
49 if (!cis_buffer)
2
Assuming 'cis_buffer' is non-null
3
Taking false branch
50 return log_oom()log_oom_internal(LOG_REALM_UDEV, "../src/udev/mtd_probe/probe_smartmedia.c"
, 50, __func__);
51
52 if (info->type != MTD_NANDFLASH4) {
4
Assuming field 'type' is not equal to MTD_NANDFLASH
5
Taking true branch
53 log_debug("Not marked MTD_NANDFLASH.")({ int _level = (((7))), _e = ((0)), _realm = (LOG_REALM_UDEV
); (log_get_max_level_realm(_realm) >= ((_level) & 0x07
)) ? log_internal_realm(((_realm) << 10 | (_level)), _e
, "../src/udev/mtd_probe/probe_smartmedia.c", 53, __func__, "Not marked MTD_NANDFLASH."
) : -abs(_e); });
6
Potential leak of memory pointed to by 'cis_buffer'
54 return -EINVAL22;
55 }
56
57 sector_size = info->writesize;
58 block_size = info->erasesize;
59 size_in_megs = info->size / (1024 * 1024);
60
61 if (!IN_SET(sector_size, SM_SECTOR_SIZE, SM_SMALL_PAGE)({ _Bool _found = 0; static __attribute__ ((unused)) char _static_assert__macros_need_to_be_extended
[20 - sizeof((int[]){512, 256})/sizeof(int)]; switch(sector_size
) { case 512: case 256: _found = 1; break; default: break; } _found
; })) {
62 log_debug("Unexpected sector size: %i", sector_size)({ int _level = (((7))), _e = ((0)), _realm = (LOG_REALM_UDEV
); (log_get_max_level_realm(_realm) >= ((_level) & 0x07
)) ? log_internal_realm(((_realm) << 10 | (_level)), _e
, "../src/udev/mtd_probe/probe_smartmedia.c", 62, __func__, "Unexpected sector size: %i"
, sector_size) : -abs(_e); });
63 return -EINVAL22;
64 }
65
66 switch(size_in_megs) {
67 case 1:
68 case 2:
69 spare_count = 6;
70 break;
71 case 4:
72 spare_count = 12;
73 break;
74 default:
75 spare_count = 24;
76 break;
77 }
78
79 for (offset = 0; offset < block_size * spare_count; offset += sector_size) {
80 (void) lseek(mtd_fd, SEEK_SET0, offset);
81
82 if (read(mtd_fd, cis_buffer, SM_SECTOR_SIZE512) == SM_SECTOR_SIZE512) {
83 cis_found = 1;
84 break;
85 }
86 }
87
88 if (!cis_found) {
89 log_debug("CIS not found")({ int _level = (((7))), _e = ((0)), _realm = (LOG_REALM_UDEV
); (log_get_max_level_realm(_realm) >= ((_level) & 0x07
)) ? log_internal_realm(((_realm) << 10 | (_level)), _e
, "../src/udev/mtd_probe/probe_smartmedia.c", 89, __func__, "CIS not found"
) : -abs(_e); });
90 return -EINVAL22;
91 }
92
93 if (memcmp(cis_buffer, cis_signature, sizeof(cis_signature)) != 0 &&
94 memcmp(cis_buffer + SM_SMALL_PAGE256, cis_signature, sizeof(cis_signature)) != 0) {
95 log_debug("CIS signature didn't match")({ int _level = (((7))), _e = ((0)), _realm = (LOG_REALM_UDEV
); (log_get_max_level_realm(_realm) >= ((_level) & 0x07
)) ? log_internal_realm(((_realm) << 10 | (_level)), _e
, "../src/udev/mtd_probe/probe_smartmedia.c", 95, __func__, "CIS signature didn't match"
) : -abs(_e); });
96 return -EINVAL22;
97 }
98
99 printf("MTD_FTL=smartmedia\n");
100 return 0;
101}