[U-Boot] [PATCH] arm: mvebu: kwbimage: inline function to fix use-after-free
Stefan Roese
stefan.roese at mailbox.org
Wed May 31 08:58:20 UTC 2017
On 10.05.2017 22:18, Patrick Wildt wrote:
> image_version_file()'s only use is to return the version number of the
> specified image, and it's only called by kwbimage_generate(). This
> version function mallocs "image_cfg" and reads the contents of the image
> into that buffer. Before returning to its caller it frees the buffer.
>
> After extracting the version, kwbimage_generate() tries to calculate
> the header size by calling image_headersz_v1(). This function now
> accesses "image_cfg", which has already been freed.
>
> Since image_version_file() is only used by a single function, inline it
> into kwbimage_generate() and only free the buffer after it is no longer
> needed. This also improves code readability since the code is mostly
> equal to kwbimage_set_header().
>
> Signed-off-by: Patrick Wildt <patrick at blueri.se>
Applied to u-boot-marvell/master.
Thanks,
Stefan
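
The bug pattern described in the commit message, reduced to a self-contained C model. This is an added example, not the U-Boot source or the patch itself; `g_cfg`, `parse_cfg`, `header_size`, the `"version,payload_len"` input format and the 64-byte base size are hypothetical stand-ins.

```c
/* Simplified model of the bug class; not U-Boot source. Names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>

struct cfg { int version; int payload_len; };
static struct cfg *g_cfg;   /* shared parse buffer, standing in for "image_cfg" */

/* Parse constructed "version,payload_len" text into a fresh g_cfg. */
static int parse_cfg(const char *text)
{
    g_cfg = calloc(1, sizeof(*g_cfg));
    if (g_cfg && sscanf(text, "%d,%d", &g_cfg->version, &g_cfg->payload_len) == 2)
        return 0;
    free(g_cfg);            /* free(NULL) is a no-op */
    g_cfg = NULL;
    return -1;
}

/* Reads g_cfg, so it is only valid while the buffer is alive. */
static int header_size(void) { return 64 + g_cfg->payload_len; }

/* BEFORE: the helper frees the buffer, but g_cfg still points at it. */
static int version_of_buggy(const char *text)
{
    int v;
    if (parse_cfg(text))
        return -1;
    v = g_cfg->version;
    free(g_cfg);            /* g_cfg is now dangling */
    return v;
}

int generate_buggy(const char *text)
{
    /* header_size() dereferences the freed buffer: use-after-free */
    return version_of_buggy(text) == 1 ? header_size() : 0;
}

/* AFTER: parsing inlined into the caller; one free, after the last use. */
int generate_fixed(const char *text)
{
    int size = 0;
    if (parse_cfg(text))
        return -1;
    if (g_cfg->version == 1)
        size = header_size();
    free(g_cfg);
    g_cfg = NULL;           /* leave no dangling pointer behind */
    return size;
}
```

Building the "before" variant with `-fsanitize=address` and calling `generate_buggy("1,100")` reports a heap-use-after-free at the read in `header_size()`; the "after" variant runs clean.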