ft2232_spi.c: Improve handling of static buffer

If `buf` became NULL because of an error, subsequent calls to the
`ft2232_spi_send_command` function with a smaller buffer size will
result in a null pointer dereference. Add an additional null check
before using `buf` to prevent that. Moreover, use `size_t` for the
`bufsize` and `oldbufsize` variables, as it's what `realloc` uses.

Change-Id: Idc4237ddca94c42ce2a930e6d00fd2d14e4f125c
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Original-Reviewed-on: https://review.coreboot.org/c/flashrom/+/39975
Original-Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Original-Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-on: https://review.coreboot.org/c/flashrom-stable/+/71308
Reviewed-by: Nico Huber <nico.h@gmx.de>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
diff --git a/ft2232_spi.c b/ft2232_spi.c
index ee19eef..5e9c61d 100644
--- a/ft2232_spi.c
+++ b/ft2232_spi.c
@@ -456,8 +456,8 @@
 	static unsigned char *buf = NULL;
 	/* failed is special. We use bitwise ops, but it is essentially bool. */
 	int i = 0, ret = 0, failed = 0;
-	int bufsize;
-	static int oldbufsize = 0;
+	size_t bufsize;
+	static size_t oldbufsize = 0;
 
 	if (writecnt > 65536 || readcnt > 65536)
 		return SPI_INVALID_LENGTH;
@@ -465,7 +465,7 @@
 	/* buf is not used for the response from the chip. */
 	bufsize = max(writecnt + 9, 260 + 9);
 	/* Never shrink. realloc() calls are expensive. */
-	if (bufsize > oldbufsize) {
+	if (!buf || bufsize > oldbufsize) {
 		buf = realloc(buf, bufsize);
 		if (!buf) {
 			msg_perr("Out of memory!\n");