[U-Boot] [PATCH] tools/proftool: fix use-after-free
Tom Rini
trini at konsulko.com
Wed Oct 7 16:19:29 CEST 2015
On Wed, Oct 07, 2015 at 03:48:48PM +0200, Vincent Stehlé wrote:
> The read_trace_config() can dereference the line pointer after freeing
> it on its error path. Avoid that.
>
> This was found by Coverity Scan.
>
> Signed-off-by: Vincent Stehlé <vincent.stehle at freescale.com>
> Cc: Simon Glass <sjg at chromium.org>
Were you in the Coverity talk too? :) I saw this error as well today
now. I was actually thinking along the lines of:
diff --git a/tools/proftool.c b/tools/proftool.c
index 9ce7a77..b3d3057 100644
--- a/tools/proftool.c
+++ b/tools/proftool.c
@@ -433,8 +433,9 @@ static int read_trace_config(FILE *fin)
err = regcomp(&line->regex, tok, REG_NOSUB);
if (err) {
free(line);
- return regex_report_error(&line->regex, err, "compile",
+ err = regex_report_error(&line->regex, err, "compile",
tok);
+ return err;
}
/* link this new one to the end of the list */
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20151007/38022432/attachment.sig>
More information about the U-Boot
mailing list