From 8b74c02390e70d9479b481e36318eb62fa413640 Mon Sep 17 00:00:00 2001
From: Tomasz Kulasek <tomaszx.kulasek@intel.com>
Date: Tue, 28 Jan 2020 14:50:17 +0100
Subject: [PATCH] bdev/nvme: fix crash when invoking apply_firmware RPC

When structure for output of json decoders in not initialized
spdk_json_decode_string may fail trying to free uninitialized
string.

This patch changes mallocs used to allocate context and structure
for output of decoder with calloc.

Fixes #1151

Change-Id: I180b2ec52350b4ca90e7c318b4f2d13af554ec49
Signed-off-by: Tomasz Kulasek <tomaszx.kulasek@intel.com>
Reviewed-on: https://review.gerrithub.io/c/spdk/spdk/+/483107
Reviewed-by: Alexey Marchuk <alexeymar@mellanox.com>
Reviewed-by: Tomasz Zawadzki <tomasz.zawadzki@intel.com>
Reviewed-by: Shuhei Matsumoto <shuhei.matsumoto.xt@hitachi.com>
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>
Community-CI: Broadcom SPDK FC-NVMe CI <spdk-ci.pdl@broadcom.com>
---
 module/bdev/nvme/bdev_nvme_rpc.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/module/bdev/nvme/bdev_nvme_rpc.c b/module/bdev/nvme/bdev_nvme_rpc.c
index 1e8b1aa21..7f13f8ee9 100644
--- a/module/bdev/nvme/bdev_nvme_rpc.c
+++ b/module/bdev/nvme/bdev_nvme_rpc.c
@@ -646,7 +646,7 @@ spdk_rpc_bdev_nvme_apply_firmware(struct spdk_jsonrpc_request *request,
 	struct spdk_nvme_cmd			*cmd;
 	struct firmware_update_info		*firm_ctx;
 
-	firm_ctx = malloc(sizeof(struct firmware_update_info));
+	firm_ctx = calloc(1, sizeof(struct firmware_update_info));
 	if (!firm_ctx) {
 		spdk_jsonrpc_send_error_response(request, SPDK_JSONRPC_ERROR_INTERNAL_ERROR,
 						 "Memory allocation error.");
@@ -656,7 +656,7 @@ spdk_rpc_bdev_nvme_apply_firmware(struct spdk_jsonrpc_request *request,
 	TAILQ_INIT(&firm_ctx->desc_head);
 	firm_ctx->request = request;
 
-	firm_ctx->req = malloc(sizeof(struct rpc_apply_firmware));
+	firm_ctx->req = calloc(1, sizeof(struct rpc_apply_firmware));
 	if (!firm_ctx->req) {
 		spdk_jsonrpc_send_error_response(request, SPDK_JSONRPC_ERROR_INTERNAL_ERROR,
 						 "Memory allocation error.");