fit_open() was recently changed to be reference counted. When the FIT is
already open, a handle will be returned with the canonical filename
being the only allocation incurred.

fit_close(), however, unconditionally frees the handle without regard to
the reference count.

Fix this and while at it, fix the memory leak for the canonical filename
as well.

Reported-by: Claude Sonnet 4.5 <[email protected]>
Fixes: f3aadb274abe ("FIT: add support to cache opened fit images")
Signed-off-by: Ahmad Fatoum <[email protected]>
---
 common/image-fit.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/common/image-fit.c b/common/image-fit.c
index d8fa5a4c8a8b..b5d0e2e5381f 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -1020,6 +1020,7 @@ struct fit_handle *fit_open(const char *_filename, bool 
verbose,
 
        handle = fit_get_handle(filename);
        if (handle) {
+               free(filename);
                refcount_inc(&handle->users);
                return handle;
        }
@@ -1053,10 +1054,10 @@ struct fit_handle *fit_open(const char *_filename, bool 
verbose,
        return handle;
 }
 
-static void __fit_close(struct fit_handle *handle)
+static bool __fit_close(struct fit_handle *handle)
 {
        if (!refcount_dec_and_test(&handle->users))
-               return;
+               return false;
 
        if (handle->root)
                of_delete_node(handle->root);
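Review bot: The bool that __fit_close() now returns has no comment saying what it means, yet fit_close() depends on it to decide whether the handle may be freed. I would add above the function `/* Returns true if the last reference was dropped and the caller must free @handle */`. Any other caller of __fit_close() outside these hunks (not visible here) should be checked as well, since one that still calls `free(handle)` unconditionally would keep the premature free this patch removes. The body of __fit_close() continues past the end of this hunk.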
@@ -1066,12 +1067,13 @@ static void __fit_close(struct fit_handle *handle)
 
        free(handle->filename);
        free(handle->fit_alloc);
+       return true;
 }
 
 void fit_close(struct fit_handle *handle)
 {
-       __fit_close(handle);
-       free(handle);
+       if (__fit_close(handle))
+               free(handle);
 }
 
 static int do_bootm_fit(struct image_data *data)
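Review bot: fit_close() has no comment telling callers that their pointer is dead after the call, even when other users keep the handle alive. With reference counting, a caller can no longer tell whether the memory was released, so any later use of its own pointer is a potential use-after-free. I would document this above fit_close(), for example `/* Drops one reference to @handle; the caller must not use @handle afterwards */`. It may also be worth stating whether a NULL handle is allowed, since __fit_close() dereferences `handle->users` before any check.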
-- 
2.47.3

