Fix static analyzer issues caught by clang
system/core/libsparse/sparse_read.c:260:51: warning: Dereference of null pointer (loaded from variable 'crc_ptr')
ret = process_crc32_chunk(fd, chunk_data_size, *crc_ptr);
system/core/libsparse/sparse_read.c:404:9: warning: Potential leak of memory pointed to by 'buf'
return 0;
Fixes leak in sparse_file_read_normal, and null pointer dereference
crash if an image with an obsolete CRC chunk was read with CRC checking
disabled.
Bug: 26904425
Change-Id: Ibc72cd37602929ae2c248bea1cdd1d22ea03baaf
diff --git a/libsparse/sparse_read.c b/libsparse/sparse_read.c
index ec63850..dbb4dab 100644
--- a/libsparse/sparse_read.c
+++ b/libsparse/sparse_read.c
@@ -199,7 +199,7 @@
return 0;
}
-static int process_crc32_chunk(int fd, unsigned int chunk_size, uint32_t crc32)
+static int process_crc32_chunk(int fd, unsigned int chunk_size, uint32_t *crc32)
{
uint32_t file_crc32;
int ret;
@@ -213,7 +213,7 @@
return ret;
}
- if (file_crc32 != crc32) {
+ if (crc32 != NULL && file_crc32 != *crc32) {
return -EINVAL;
}
@@ -257,7 +257,7 @@
}
return chunk_header->chunk_sz;
case CHUNK_TYPE_CRC32:
- ret = process_crc32_chunk(fd, chunk_data_size, *crc_ptr);
+ ret = process_crc32_chunk(fd, chunk_data_size, crc_ptr);
if (ret < 0) {
verbose_error(s->verbose, -EINVAL, "crc block at %" PRId64,
offset);
@@ -374,6 +374,7 @@
ret = read_all(fd, buf, to_read);
if (ret < 0) {
error("failed to read sparse file");
+ free(buf);
return ret;
}
@@ -401,6 +402,7 @@
block++;
}
+ free(buf);
return 0;
}