[U-Boot] [PATCH] tools/proftool: fix use-after-free

Vincent Stehlé vincent.stehle at freescale.com
Wed Oct 7 16:35:53 CEST 2015


On 10/07/2015 04:19 PM, Tom Rini wrote:
..
> Were you in the Coverity talk too? :)

Hi Tom,

No, I was not following that talk, sorry.

..
>                         free(line);
> -                       return regex_report_error(&line->regex, err, "compile",
> +                       err = regex_report_error(&line->regex, err, "compile",
>                                                   tok);
> +                       return err;
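
Review bot: free(line) still runs before &line->regex is passed to regex_report_error(), so storing the result in err and returning it afterwards leaves the read of freed memory in place. Move free(line) to after the regex_report_error() call, then return err.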

I am not sure you solve the problem this way. Indeed, the structure
pointed to by the line pointer will still have been freed before use
even this way. Who knows what the memory contains when regerror()
accesses &line->regex, which is contained in the freed structure?

Best regards,

V.
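
The ordering issue raised above, shown as an added example that is not part of the original message or of U-Boot's proftool: the error text is produced from the regex_t while its owning structure is still allocated, and the structure is freed only afterwards. The names `struct filter_line`, `compile_filter` and `free_filter` are hypothetical.

```c
#include <regex.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for the heap object that owns the regex_t. */
struct filter_line {
	regex_t regex;
};

/*
 * Compile pattern into a freshly allocated filter_line.
 * On failure the message is formatted with regerror() while the
 * structure is still live, and only then is the structure freed.
 * Returns 0 and sets *out on success, or the regcomp() error code.
 */
int compile_filter(const char *pattern, struct filter_line **out,
		   char *msg, size_t msg_len)
{
	struct filter_line *line = calloc(1, sizeof(*line));
	int err;

	*out = NULL;
	if (!line) {
		snprintf(msg, msg_len, "out of memory");
		return REG_ESPACE;
	}
	err = regcomp(&line->regex, pattern, REG_EXTENDED);
	if (err) {
		/* 1. Read &line->regex first, while line is still valid. */
		regerror(err, &line->regex, msg, msg_len);
		/* 2. Then release it; nothing touches line after this. */
		free(line);
		return err;
	}
	*out = line;
	return 0;
}

/* Release a successfully compiled filter. */
void free_filter(struct filter_line *line)
{
	if (line) {
		regfree(&line->regex);
		free(line);
	}
}
```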

