[libubootenv 1/1] extended_config.c: Catch NULL pointer for calloc

steffe...@skothe.net

Aug 31, 2025, 3:08:27 PM
to swup...@googlegroups.com, Steffen Kothe
From: Steffen Kothe <steffe...@skothe.net>

calloc is not guaranteed to return a valid pointer to a free memory
area.

Hence check for possible NULL return and fail immediately.

Addresses possible CWE-690.

Signed-off-by: Steffen Kothe <steffe...@skothe.net>
---
src/extended_config.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/src/extended_config.c b/src/extended_config.c
index 45df3ec..c3782e1 100644
--- a/src/extended_config.c
+++ b/src/extended_config.c
@@ -131,6 +131,8 @@ static int consume_event(struct parser_state *s, yaml_event_t *event)
case YAML_SCALAR_EVENT:
value = (char *)event->data.scalar.value;
newctx = calloc (s->nelem + 1, sizeof(*newctx));
+ if (newctx == NULL)
+ return FAILURE;
for (int i = 0; i < s->nelem; i++) {
newctx[i] = s->ctxsets[i];
}
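
Review bot: the early "return FAILURE;" added after the calloc check leaves consume_event in the middle of the YAML_SCALAR_EVENT case, so it is worth confirming that the caller handles FAILURE by releasing event and the existing s->ctxsets, since neither is visible in this hunk. The return sits before the loop that copies s->ctxsets[i] into newctx, so the parser state itself is left untouched, which is the right place for the check. The failure is also silent: a short diagnostic before the return would tell the user that parsing stopped on an allocation failure rather than on bad input. Style-wise the check matches the surrounding code; the space in "calloc (" is pre-existing and can stay out of this patch.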
--
2.51.0

Stefano Babic

Sep 1, 2025, 4:03:30 AM
to steffe...@skothe.net, swup...@googlegroups.com
Acked-by: Stefano Babic <stefan...@swupdate.org>

Best regards,
Stefano Babic

--
Nabla Software Engineering GmbH
HRB 40522 Augsburg
Phone: +49 821 45592596
E-Mail: off...@nabladev.com
Managing Director: Stefano Babic
