Fix memory leak (start enum)

Enumeration loop added for object corruption. Add missing free because of tee_svc_storage_set_enum obj_id memory allocation (malloc) during enumeration loop. Force obj_id to NULL in the enumation loop to skip freeing at 'exit' label statement. Fix#494 Signed-off-by: Cedric Chaumont <cedric.chaumont@st.com> Tested-by: Cedric Chaumont <cedric.chaumont@linaro.org> (STM boards) Tested-by: Cedric Chaumont <cedric.chaumont@linaro.org> (ARM Juno board) Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey)
OP-TEE · Oct 13, 2015 · ac23c78 · ac23c78
1 parent 13c163a
commit ac23c78
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/core/tee/tee_svc_storage.c b/core/tee/tee_svc_storage.c
@@ -910,7 +910,7 @@ static TEE_Result tee_svc_storage_set_enum(char *d_name, struct tee_obj *o)
 	hslen = strlen(d_name);
 	blen = TEE_HS2B_BBUF_SIZE(hslen);
 	o->pobj->obj_id = malloc(blen);
-	if (o->pobj->obj_id == NULL) {
+	if (!o->pobj->obj_id) {
 		res = TEE_ERROR_OUT_OF_MEMORY;
 		goto exit;
 	}
@@ -980,6 +980,8 @@ TEE_Result tee_svc_storage_start_enum(uint32_t obj_enum, uint32_t storage_id)
 			res = tee_obj_verify(sess, o);
 			if (res != TEE_SUCCESS)
 				goto exit;
+			free(o->pobj->obj_id);
+			o->pobj->obj_id = NULL;
 		}
 	} while (d);