Commit 8b74c023 authored Jan 28, 2020 by Tomasz Kulasek Committed by Tomasz Zawadzki Jan 28, 2020

bdev/nvme: fix crash when invoking apply_firmware RPC



When structure for output of json decoders in not initialized
spdk_json_decode_string may fail trying to free uninitialized
string.

This patch changes mallocs used to allocate context and structure
for output of decoder with calloc.

Fixes #1151

Change-Id: I180b2ec52350b4ca90e7c318b4f2d13af554ec49
Signed-off-by: Tomasz Kulasek <tomaszx.kulasek@intel.com>
Reviewed-on: https://review.gerrithub.io/c/spdk/spdk/+/483107


Reviewed-by: Alexey Marchuk <alexeymar@mellanox.com>
Reviewed-by: Tomasz Zawadzki <tomasz.zawadzki@intel.com>
Reviewed-by: Shuhei Matsumoto <shuhei.matsumoto.xt@hitachi.com>
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
Community-CI: Broadcom SPDK FC-NVMe CI <spdk-ci.pdl@broadcom.com>

parent bba0f040

module/bdev/nvme/bdev_nvme_rpc.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -646,7 +646,7 @@ spdk_rpc_bdev_nvme_apply_firmware(struct spdk_jsonrpc_request *request,
		struct spdk_nvme_cmd *cmd;
		struct firmware_update_info *firm_ctx;

		firm_ctx = malloc(sizeof(struct firmware_update_info));
		firm_ctx = calloc(1, sizeof(struct firmware_update_info));
		if (!firm_ctx) {
		spdk_jsonrpc_send_error_response(request, SPDK_JSONRPC_ERROR_INTERNAL_ERROR,
		"Memory allocation error.");
		@@ -656,7 +656,7 @@ spdk_rpc_bdev_nvme_apply_firmware(struct spdk_jsonrpc_request *request,
		TAILQ_INIT(&firm_ctx->desc_head);
		firm_ctx->request = request;

		firm_ctx->req = malloc(sizeof(struct rpc_apply_firmware));
		firm_ctx->req = calloc(1, sizeof(struct rpc_apply_firmware));
		if (!firm_ctx->req) {
		spdk_jsonrpc_send_error_response(request, SPDK_JSONRPC_ERROR_INTERNAL_ERROR,
		"Memory allocation error.");