raw/ifpga: use trusted buffer to free

In rte_fpga_do_pr, calling function read() may taints argument buffer
which turn to an untrusted value as argument of rte_free().

Coverity issue: 279449
Fixes: ef1e8ede3da5 ("raw/ifpga: add Intel FPGA bus rawdev driver")
Cc: stable@dpdk.org
Signed-off-by: Wei Huang <wei.huang@intel.com>
Acked-by: Qi Zhang <qi.z.zhang@intel.com>

diff --git a/drivers/raw/ifpga/ifpga_rawdev.c b/drivers/raw/ifpga/ifpga_rawdev.c
index f9de167..27129b1 100644 (file)
--- a/drivers/raw/ifpga/ifpga_rawdev.c
+++ b/drivers/raw/ifpga/ifpga_rawdev.c
@@ -786,7 +786,7 @@ rte_fpga_do_pr(struct rte_rawdev *rawdev, int port_id,
        int file_fd;
        int ret = 0;
        ssize_t buffer_size;
-       void *buffer;
+       void *buffer, *buf_to_free;
        u64 pr_error;
 
        if (!file_name)
@@ -818,6 +818,7 @@ rte_fpga_do_pr(struct rte_rawdev *rawdev, int port_id,
                ret = -ENOMEM;
                goto close_fd;
        }
+       buf_to_free = buffer;
 
        /*read the raw data*/
        if (buffer_size != read(file_fd, (void *)buffer, buffer_size)) {
@@ -835,8 +836,8 @@ rte_fpga_do_pr(struct rte_rawdev *rawdev, int port_id,
        }
 
 free_buffer:
-       if (buffer)
-               rte_free(buffer);
+       if (buf_to_free)
+               rte_free(buf_to_free);
 close_fd:
        close(file_fd);
        file_fd = 0;