[PATCH 0/2] Console/stdio use after free
Nicolas Saenz Julienne
nsaenzjulienne at suse.de
Wed Jan 20 15:44:27 CET 2021
On Wed, 2021-01-20 at 07:18 -0700, Simon Glass wrote:
> Hi Nicolas,
>
> On Wed, 20 Jan 2021 at 07:04, Nicolas Saenz Julienne
> <nsaenzjulienne at suse.de> wrote:
> >
> > With today's master, 70c2525c0d3c ('IOMUX: Stop dropped consoles')
> > introduces a use after free in usb_kbd_remove():
> >
> > - usbkbd's stdio device is de-registered with stdio_deregister_dev(),
> > the struct stdio_dev is freed.
> >
> > - iomux_doenv() is called, usbkbd removed from the console list, and
> > console_stop() is called on the struct stdio_dev pointer that no
> > longer exists.
> >
> > This series mitigates this by making sure the pointer is really a stdio
> > device prior performing the stop operation. It's not ideal, but I
> > couldn't figure out a nicer way to fix this.
>
> Your 'from' address is coming through as just your email. Could you
> please update it to include your name as well?
OK, do you want me to re-send the series?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20210120/a65fbb52/attachment.sig>
More information about the U-Boot
mailing list