From 29994a50817d67c289277ef296215cbbffb7c19d Mon Sep 17 00:00:00 2001 From: Kieran Bingham Date: Wed, 27 Jun 2018 00:07:54 +0100 Subject: lib: configfs: Fix asprintf return value usage The asprintf function returns -1, and leaves the first parameter undefined in case of an allocation error. This conflicts with the code's assumption that the parameter is set NULL on error. Check all return values of asprintf, and ensure that the string parameter is not used as a return value on error paths. Signed-off-by: Kieran Bingham Signed-off-by: Laurent Pinchart --- lib/configfs.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/lib/configfs.c b/lib/configfs.c index 1dfde95..5de7079 100644 --- a/lib/configfs.c +++ b/lib/configfs.c @@ -32,8 +32,17 @@ static char *path_join(const char *dirname, const char *name) { char *path; + int ret; + + ret = asprintf(&path, "%s/%s", dirname, name); - asprintf(&path, "%s/%s", dirname, name); + /* + * asprintf returns -1 on allocation or other errors, leaving 'path' + * undefined. We shouldn't even call free(path) here. We want to return + * NULL on error, so we must manually set it. + */ + if (ret < 0) + path = NULL; return path; } @@ -192,10 +201,12 @@ static char *udc_find_video_device(const char *udc, const char *function) char *video = NULL; glob_t globbuf; unsigned int i; + int ret; - asprintf(&vpath, "/sys/class/udc/%s/device/gadget/video4linux/video*", - udc ? udc : "*"); - if (!vpath) + ret = asprintf(&vpath, + "/sys/class/udc/%s/device/gadget/video4linux/video*", + udc ? udc : "*"); + if (!ret) return NULL; glob(vpath, 0, NULL, &globbuf); -- cgit v1.2.3