[PATCH v2 2/3] efi_loader: Prevent dereference of uninitialised variable

Heinrich Schuchardt xypron.glpk at gmx.de
Wed Jul 2 12:34:35 CEST 2025


On 02.07.25 12:01, Andrew Goodbody wrote:
> If phandler is returned as NULL from efi_search_protocol then
> protocol_interface is never assigned to. Instead return
> EFI_UNSUPPORTED as per the spec.
> 
> This issue was found by Smatch.
> 
> Also eliminate the use of the variable protocol_interface as it is not
> needed.
> 
> Signed-off-by: Andrew Goodbody <andrew.goodbody at linaro.org>

Thanks a lot for fixing this.

Reviewed-by: Heinrich Schuchardt <xypron.glpk at gmx.de>

> ---
>   lib/efi_loader/efi_http.c | 9 ++++-----
>   1 file changed, 4 insertions(+), 5 deletions(-)
> 
> diff --git a/lib/efi_loader/efi_http.c b/lib/efi_loader/efi_http.c
> index 189317fe2d2..9a0f2675132 100644
> --- a/lib/efi_loader/efi_http.c
> +++ b/lib/efi_loader/efi_http.c
> @@ -453,7 +453,6 @@ static efi_status_t EFIAPI efi_http_service_binding_destroy_child(
>   	efi_status_t ret = EFI_SUCCESS;
>   	struct efi_http_instance *http_instance;
>   	struct efi_handler *phandler;
> -	void *protocol_interface;
>   
>   	if (num_instances == 0)
>   		return EFI_EXIT(EFI_NOT_FOUND);
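
Review bot: "struct efi_handler *phandler;" in the context of this hunk
is still declared without an initialiser, while the "if (!phandler)"
test added in the next hunk reads it after a call to
efi_search_protocol() whose return status is discarded. Unless that
function writes the out-parameter on every failure path, the test reads
an indeterminate pointer. Either declare it as
"struct efi_handler *phandler = NULL;" or branch on the status returned
by efi_search_protocol() instead of on the pointer.
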
> @@ -463,18 +462,18 @@ static efi_status_t EFIAPI efi_http_service_binding_destroy_child(
>   
>   	efi_search_protocol(child_handle, &efi_http_guid, &phandler);
>   
> -	if (phandler)
> -		protocol_interface = phandler->protocol_interface;
> +	if (!phandler)
> +		return EFI_EXIT(EFI_UNSUPPORTED);
>   
>   	ret = efi_delete_handle(child_handle);
>   	if (ret != EFI_SUCCESS)
>   		return EFI_EXIT(ret);
>   
> -	http_instance = (struct efi_http_instance *)protocol_interface;
> +	http_instance = phandler->protocol_interface;
>   	efi_free_pool(http_instance->http_load_addr);
>   	http_instance->http_load_addr = NULL;
>   
> -	free(protocol_interface);
> +	free(phandler->protocol_interface);
>   
>   	num_instances--;
>   
> 
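
Review bot: phandler->protocol_interface is now read in
"http_instance = phandler->protocol_interface;" and again in the free()
call, both after efi_delete_handle(child_handle) has returned
EFI_SUCCESS, whereas the removed lines copied the pointer before the
delete. If efi_delete_handle() releases the protocol entries attached to
the handle, phandler is stale by then and both reads are a use after
free. Assign http_instance directly after the "if (!phandler)" check,
before efi_delete_handle(), and end with free(http_instance); that still
drops the protocol_interface variable without touching phandler after
the handle is gone.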
