[PATCH] cmd: bcb: Fix segfault on invalid block device

Mattijs Korpershoek mkorpershoek at baylibre.com
Wed Jul 24 11:51:06 CEST 2024


When blk_get_dev() fails, block NULL and gets de-referenced in
the error path by a printf(), resulting in a crash.

This can be reproduced on sandbox with:

$ ./u-boot --command "bcb load mmc 0 0"

Fix the message by using the functions arguments (iface, devnum)
instead.

Note: partition (being a global static initialized) can be used safely.

This issue has been reported by coverity [1]

[1] https://lore.kernel.org/all/20240723141844.GF989285@bill-the-cat/

Fixes: dfeb4f0d7935 ("cmd: bcb: extend BCB C API to allow read/write the fields")
Signed-off-by: Mattijs Korpershoek <mkorpershoek at baylibre.com>
---
 cmd/bcb.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/cmd/bcb.c b/cmd/bcb.c
index fe6d6cb2c381..97a96c009641 100644
--- a/cmd/bcb.c
+++ b/cmd/bcb.c
@@ -172,8 +172,8 @@ static int __bcb_initialize(const char *iface, int devnum, const char *partp)
 	return CMD_RET_SUCCESS;
 
 err_read_fail:
-	printf("Error: %d %d:%s read failed (%d)\n", block->uclass_id,
-	       block->devnum, partition->name, ret);
+	printf("Error: %s %d:%s read failed (%d)\n", iface, devnum,
+	       partition->name, ret);
 	__bcb_reset();
 	return CMD_RET_FAILURE;
 }

---
base-commit: f659ba43837e5ae5a35fdff3736c8e13f9062abd
change-id: 20240724-bcb-crash-a491e603612d

Best regards,
-- 
Mattijs Korpershoek <mkorpershoek at baylibre.com>



More information about the U-Boot mailing list