[PATCH 2/4] efi_loader: illegal free in EFI_LOAD_FILE2_PROTOCOL
Heinrich Schuchardt
xypron.glpk at gmx.de
Sat Oct 3 13:57:14 CEST 2020
strsep() changes the address that its first argument points to.
We cannot use the changed address as argument of free().
Signed-off-by: Heinrich Schuchardt <xypron.glpk at gmx.de>
---
lib/efi_loader/efi_load_initrd.c | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/lib/efi_loader/efi_load_initrd.c b/lib/efi_loader/efi_load_initrd.c
index ff69e6eb79..d517d686c3 100644
--- a/lib/efi_loader/efi_load_initrd.c
+++ b/lib/efi_loader/efi_load_initrd.c
@@ -98,19 +98,20 @@ efi_load_file2_initrd(struct efi_load_file_protocol *this,
struct efi_device_path *file_path, bool boot_policy,
efi_uintn_t *buffer_size, void *buffer)
{
- const char *filespec = CONFIG_EFI_INITRD_FILESPEC;
+ char *filespec;
efi_status_t status = EFI_NOT_FOUND;
loff_t file_sz = 0, read_sz = 0;
char *dev, *part, *file;
- char *s;
+ char *pos;
int ret;
EFI_ENTRY("%p, %p, %d, %p, %p", this, file_path, boot_policy,
buffer_size, buffer);
- s = strdup(filespec);
- if (!s)
+ filespec = strdup(CONFIG_EFI_INITRD_FILESPEC);
+ if (!filespec)
goto out;
+ pos = filespec;
if (!this || this != &efi_lf2_protocol ||
!buffer_size) {
@@ -136,13 +137,13 @@ efi_load_file2_initrd(struct efi_load_file_protocol *this,
* * a device and partition identifier, e.g. "0:1"
* * a file path on the block device, e.g. "/boot/initrd.cpio.gz"
*/
- dev = strsep(&s, " ");
+ dev = strsep(&pos, " ");
if (!dev)
goto out;
- part = strsep(&s, " ");
+ part = strsep(&pos, " ");
if (!part)
goto out;
- file = strsep(&s, " ");
+ file = strsep(&pos, " ");
if (!file)
goto out;
@@ -170,7 +171,7 @@ efi_load_file2_initrd(struct efi_load_file_protocol *this,
}
out:
- free(s);
+ free(filespec);
return EFI_EXIT(status);
}
--
2.28.0
More information about the U-Boot
mailing list