[U-Boot] [PATCH 1/1] efi_loader: HII protocols: fix new_package_list()

AKASHI Takahiro takahiro.akashi at linaro.org
Fri Mar 1 00:54:44 UTC 2019


On Thu, Feb 28, 2019 at 11:20:34PM +0100, Heinrich Schuchardt wrote:
> In new_package_list() we call new_packagelist() to create a new package
> list. Next we try to add the packages which fails for form packages. Due
> to this error we call free_packagelist(). Now in free_packagelist()
> list_del() is called for an uninitialized field hii->link. This leads to
> changing random memory addresses.
> 
> To solve the problem move the initialization of hii->link to
> new_packagelist().
> 
> Signed-off-by: Heinrich Schuchardt <xypron.glpk at gmx.de>
> ---
> @Takahiro:
> Please, review the patch.

Good catch, thank you.

Reviewed-by: AKASHI Takahiro <takahiro.akashi at linaro.org>

> ---
>  lib/efi_loader/efi_hii.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/lib/efi_loader/efi_hii.c b/lib/efi_loader/efi_hii.c
> index d63d2d84184..0ed4b196333 100644
> --- a/lib/efi_loader/efi_hii.c
> +++ b/lib/efi_loader/efi_hii.c
> @@ -343,6 +343,7 @@ static struct efi_hii_packagelist *new_packagelist(void)
>  	struct efi_hii_packagelist *hii;
>  
>  	hii = malloc(sizeof(*hii));
> +	list_add_tail(&hii->link, &efi_package_lists);
>  	hii->max_string_id = 0;
>  	INIT_LIST_HEAD(&hii->string_tables);
>  	INIT_LIST_HEAD(&hii->guid_list);
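Review bot: the added `list_add_tail(&hii->link, &efi_package_lists);` dereferences `hii` immediately after `hii = malloc(sizeof(*hii));` with no NULL check, so an allocation failure now writes through a NULL pointer and modifies the tail of the global list. Suggest returning NULL from `new_packagelist()` when `malloc()` fails, before anything is linked, so the caller can report the failure.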
> @@ -465,7 +466,6 @@ new_package_list(const struct efi_hii_database_protocol *this,
>  	}
>  
>  	hii->driver_handle = driver_handle;
> -	list_add_tail(&hii->link, &efi_package_lists);
>  	*handle = hii;
>  
>  	return EFI_EXIT(EFI_SUCCESS);
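Review bot: with `list_add_tail()` removed from after `hii->driver_handle = driver_handle;`, the package list is on `efi_package_lists` from the moment it is allocated, so a partially built entry (no `driver_handle`, packages not yet added) is reachable through the global list until this point. An alternative that fixes the same `list_del()` problem is to call `INIT_LIST_HEAD(&hii->link)` in `new_packagelist()` and keep the `list_add_tail()` here, so only fully constructed lists are published; if the current approach stays, a comment on `new_packagelist()` should state that it links the new entry into `efi_package_lists`.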
> -- 
> 2.20.1
> 
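The failure mode described in the commit message, as an added example that is not part of the original thread or of U-Boot's code: an error path may unlink a node only if its link pointers are already valid. It shows a different arrangement from the patch (self-link the node at allocation, publish on success only); `pkg_list`, `registry` and `create()` are hypothetical names, and the list helpers are a constructed miniature, not U-Boot's `list.h`.

```c
#include <stdlib.h>

/* Constructed miniature of a circular doubly linked list. */
struct list_head { struct list_head *next, *prev; };

static void node_init(struct list_head *n) { n->next = n; n->prev = n; }

static void node_add_tail(struct list_head *n, struct list_head *head)
{
	n->prev = head->prev;
	n->next = head;
	head->prev->next = n;
	head->prev = n;
}

/* Writes through n->next and n->prev, so both must already be valid.
 * On a node straight from malloc() these writes land at arbitrary addresses. */
static void node_del(struct list_head *n)
{
	n->next->prev = n->prev;
	n->prev->next = n->next;
	node_init(n);
}

/* Hypothetical stand-in for struct efi_hii_packagelist. */
struct pkg_list { struct list_head link; };
static struct list_head registry = { &registry, &registry };

static size_t registry_len(void)
{
	size_t n = 0;
	for (struct list_head *p = registry.next; p != &registry; p = p->next)
		n++;
	return n;
}

/* fail != 0 simulates an error while adding packages to the new list. */
static size_t create(int fail)
{
	struct pkg_list *p = malloc(sizeof(*p));
	if (!p)
		return registry_len();
	node_init(&p->link);                    /* link is valid from here on */
	if (fail) {
		node_del(&p->link);             /* safe: touches only p itself */
		free(p);
	} else {
		node_add_tail(&p->link, &registry); /* publish on success only */
	}
	return registry_len();
}

int main(void) { return !(create(1) == 0 && create(0) == 1); }
```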

