From: Francois Berder <fberder@outlook.fr>
Date: Mon, 5 Jan 2026 20:26:14 +0000 (+0100)
Subject: bootstd: rauc: Free memory during error handling
X-Git-Tag: v2026.04-rc1~38
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=284855320282ccd3c6d0403e85c0e2ab8a566db1;p=thirdparty%2Fu-boot.git

bootstd: rauc: Free memory during error handling

While reading bootflow, memory was not released if an
error occurred.

Signed-off-by: Francois Berder <fberder@outlook.fr>
Acked-by: Martin Schwan <m.schwan@phytec.de>
Tested-by: Martin Schwan <m.schwan@phytec.de>
---

diff --git a/boot/bootmeth_rauc.c b/boot/bootmeth_rauc.c
index 833715e1395..432d170e006 100644
--- a/boot/bootmeth_rauc.c
+++ b/boot/bootmeth_rauc.c
@@ -139,12 +139,12 @@ static int distro_rauc_scan_parts(struct bootflow *bflow)
 
 static int distro_rauc_read_bootflow(struct udevice *dev, struct bootflow *bflow)
 {
-	struct distro_rauc_priv *priv;
-	int ret;
+	struct distro_rauc_priv *priv = NULL;
+	int ret = 0;
 	char *slot;
 	int i;
-	char *partitions;
-	char *boot_order;
+	char *partitions = NULL;
+	char *boot_order = NULL;
 	const char *default_boot_order;
 	const char **default_boot_order_list;
 	char *boot_order_copy;
@@ -176,10 +176,22 @@ static int distro_rauc_read_bootflow(struct udevice *dev, struct bootflow *bflow
 	if (!priv)
 		return log_msg_ret("buf", -ENOMEM);
 	priv->slots = calloc(1, sizeof(struct distro_rauc_slot));
+	if (!priv->slots) {
+		free(priv);
+		return log_msg_ret("buf", -ENOMEM);
+	}
 
 	/* Copy default boot_order, so we can leave the original unmodified */
 	boot_order_copy = strdup(default_boot_order);
+	if (!boot_order_copy) {
+		ret = log_msg_ret("buf", -ENOMEM);
+		goto rauc_read_bootflow_err;
+	}
 	partitions = strdup(CONFIG_BOOTMETH_RAUC_PARTITIONS);
+	if (!partitions) {
+		ret = log_msg_ret("buf", -ENOMEM);
+		goto rauc_read_bootflow_err;
+	}
 
 	for (i = 1;
 	     (parts = strsep(&partitions, " ")) &&
@@ -189,13 +201,26 @@ static int distro_rauc_read_bootflow(struct udevice *dev, struct bootflow *bflow
 		struct distro_rauc_slot **new_slots;
 
 		s = calloc(1, sizeof(struct distro_rauc_slot));
+		if (!s) {
+			ret = log_msg_ret("buf", -ENOMEM);
+			goto rauc_read_bootflow_err;
+		}
 		s->name = strdup(slot);
+		if (!s->name) {
+			free(s);
+			ret = log_msg_ret("buf", -ENOMEM);
+			goto rauc_read_bootflow_err;
+		}
 		s->boot_part = simple_strtoul(strsep(&parts, ","), NULL, 10);
 		s->root_part = simple_strtoul(strsep(&parts, ","), NULL, 10);
 		new_slots = realloc(priv->slots, (i + 1) *
 				    sizeof(struct distro_rauc_slot));
-		if (!new_slots)
-			return log_msg_ret("buf", -ENOMEM);
+		if (!new_slots) {
+			free(s->name);
+			free(s);
+			ret = log_msg_ret("buf", -ENOMEM);
+			goto rauc_read_bootflow_err;
+		}
 		priv->slots = new_slots;
 		priv->slots[i - 1] = s;
 		priv->slots[i] = NULL;
@@ -204,15 +229,19 @@ static int distro_rauc_read_bootflow(struct udevice *dev, struct bootflow *bflow
 	bflow->bootmeth_priv = priv;
 
 	ret = distro_rauc_scan_parts(bflow);
-	if (ret < 0) {
-		distro_rauc_priv_free(priv);
-		free(boot_order_copy);
-		return ret;
-	}
+	if (ret < 0)
+		goto rauc_read_bootflow_err;
 
 	bflow->state = BOOTFLOWST_READY;
 
 	return 0;
+
+rauc_read_bootflow_err:
+	distro_rauc_priv_free(priv);
+	free(boot_order_copy);
+	free(partitions);
+
+	return ret;
 }
 
 static int distro_rauc_read_file(struct udevice *dev, struct bootflow *bflow,