From f3687f7177f094288ab8e0fa0d9bbcde6ca419f4 Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <ivan@espressif.com>
Date: Tue, 28 Feb 2017 15:11:54 +0800
Subject: [PATCH] spi_flash: fix memory leak when spi_flash_mmap arguments are
 invalid

Check src_addr and size first, then allocate new_entry.
---
 components/spi_flash/flash_mmap.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/components/spi_flash/flash_mmap.c b/components/spi_flash/flash_mmap.c
index 8d284c60a4..d67bdc85b2 100644
--- a/components/spi_flash/flash_mmap.c
+++ b/components/spi_flash/flash_mmap.c
@@ -93,16 +93,16 @@ esp_err_t IRAM_ATTR spi_flash_mmap(size_t src_addr, size_t size, spi_flash_mmap_
 {
     esp_err_t ret;
     bool did_flush, need_flush = false;
-    mmap_entry_t* new_entry = (mmap_entry_t*) malloc(sizeof(mmap_entry_t));
-    if (new_entry == 0) {
-        return ESP_ERR_NO_MEM;
-    }
     if (src_addr & 0xffff) {
         return ESP_ERR_INVALID_ARG;
     }
     if (src_addr + size > g_rom_flashchip.chip_size) {
         return ESP_ERR_INVALID_ARG;
     }
+    mmap_entry_t* new_entry = (mmap_entry_t*) malloc(sizeof(mmap_entry_t));
+    if (new_entry == 0) {
+        return ESP_ERR_NO_MEM;
+    }
 
     spi_flash_disable_interrupts_caches_and_other_cpu();
 
-- 
2.40.0