[PATCH 0/2] Console/stdio use after free
Simon Glass
sjg at chromium.org
Wed Jan 20 15:18:43 CET 2021
Hi Nicolas,
On Wed, 20 Jan 2021 at 07:04, Nicolas Saenz Julienne
<nsaenzjulienne at suse.de> wrote:
>
> With today's master, 70c2525c0d3c ('IOMUX: Stop dropped consoles')
> introduces a use after free in usb_kbd_remove():
>
> - usbkbd's stdio device is de-registered with stdio_deregister_dev(),
> the struct stdio_dev is freed.
>
> - iomux_doenv() is called, usbkbd removed from the console list, and
> console_stop() is called on the struct stdio_dev pointer that no
> longer exists.
>
> This series mitigates this by making sure the pointer is really a stdio
> device prior performing the stop operation. It's not ideal, but I
> couldn't figure out a nicer way to fix this.
Your 'from' address is coming through as just your email. Could you
please update it to include your name as well?
Regards,
Simon
More information about the U-Boot
mailing list