From 7f39ce5f9b635444e06302fbe556709e84bf3b9a Mon Sep 17 00:00:00 2001 From: Leah Rowe Date: Sat, 28 Mar 2026 04:19:25 +0000 Subject: libreboot-utils: extremely safe(ish) malloc usage yes, a common thing in C programs is one or all of the following: * use after frees * double free (on non-NULL pointer) * over-writing currently used pointer (mem leak) i try to reduce the chance of this in my software, by running free() through a filter function, free_if_not_null, that returns if a function is being freed twice - because it sets NULL after freeing, but will only free if it's not null already. this patch adds two functions: smalloc and vmalloc, for strings and voids. using these makes the program abort if: * non-null pointer given for initialisation * pointer to pointer is null (of course) * size of zero given, for malloc (zero bytes) i myself was caught out by this change, prompting me to make the following fix in fs_dirname_basename() inside lib/file.c: - char *buf; + char *buf = NULL; Yes. Signed-off-by: Leah Rowe --- util/libreboot-utils/lib/mkhtemp.c | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) (limited to 'util/libreboot-utils/lib/mkhtemp.c') diff --git a/util/libreboot-utils/lib/mkhtemp.c b/util/libreboot-utils/lib/mkhtemp.c index c913ce6c..e499de34 100644 --- a/util/libreboot-utils/lib/mkhtemp.c +++ b/util/libreboot-utils/lib/mkhtemp.c @@ -144,13 +144,7 @@ new_tmp_common(int *fd, char **path, int type, goto err; } - dest = malloc(destlen + 1); - if (dest == NULL) { - errno = ENOMEM; - goto err; - } - - memcpy(dest, tmpdir, dirlen); + memcpy(smalloc(&dest, destlen + 1), tmpdir, dirlen); *(dest + dirlen) = '/'; memcpy(dest + dirlen + 1, templatestr, templatestr_len); *(dest + destlen) = '\0'; @@ -585,11 +579,8 @@ mkhtemp(int *fd, fname_len) != 0, EINVAL)) return -1; - if((fname_copy = malloc(fname_len + 1)) == NULL) - goto err; - /* fname_copy = templatestr region only; p points to trailing XXXXXX */ - memcpy(fname_copy, + memcpy(smalloc(&fname_copy, fname_len + 1), template + len - fname_len, fname_len + 1); p = fname_copy + fname_len - xc; -- cgit v1.2.1