From: Simon Glass <sjg@chromium.org> The Android bootmeth allocates a slot string inside android_priv but bootflow_free() only calls free() on the priv struct itself, so the string is never freed. In some paths the code sets bootmeth_priv to NULL without freeing anything. Implement free_bootflow() to free the slot string before the priv struct. Signed-off-by: Simon Glass <sjg@chromium.org> --- boot/bootmeth_android.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/boot/bootmeth_android.c b/boot/bootmeth_android.c index 20fcc2f46f9..3fa07680025 100644 --- a/boot/bootmeth_android.c +++ b/boot/bootmeth_android.c @@ -606,10 +606,19 @@ static int android_bootmeth_bind(struct udevice *dev) return 0; } +static void android_free_bootflow(struct udevice *dev, struct bootflow *bflow) +{ + struct android_priv *priv = bflow->bootmeth_priv; + + if (priv) + free(priv->slot); +} + static struct bootmeth_ops android_bootmeth_ops = { .check = android_check, .read_bootflow = android_read_bootflow, .read_file = android_read_file, + .free_bootflow = android_free_bootflow, .boot = android_boot, }; -- 2.43.0