[PATCH] qfw: Fix segfault from uninitialized variables in sandbox
Kory Maincent
kory.maincent at bootlin.com
Tue Nov 4 10:58:01 CET 2025
From: "Kory Maincent (TI.com)" <kory.maincent at bootlin.com>
There are cases where qfw_read_entry() does not set the output parameter
passed by address. This occurs with qfw_sandbox_read_entry_dma, which
leaves the size variables uninitialized and causes a segfault when running
bootflow scan in U-Boot sandbox.
$ ./u-boot
...
U-Boot 2026.01-rc1-00199-gc2637036b8f0 (Nov 04 2025 - 10:32:21 +0100)
...
Hit any key to stop autoboot: 0
=> bootflow scan
efi_var_to_file() Cannot persist EFI variables without system partition
efi_tcg2_register() Missing TPMv2 device for EFI_TCG_PROTOCOL
efi_rng_register() Missing RNG device for EFI_RNG_PROTOCOL
scanning bus for devices...
[3] 1015761 segmentation fault (core dumped) ./u-boot
Initialize all these variables to 0 to fix this issue.
Signed-off-by: Kory Maincent (TI.com) <kory.maincent at bootlin.com>
---
common/qfw.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/common/qfw.c b/common/qfw.c
index 45e87d3ae28..14d48952427 100644
--- a/common/qfw.c
+++ b/common/qfw.c
@@ -109,7 +109,7 @@ int qemu_fwcfg_setup_kernel(struct udevice *qfw_dev, ulong load_addr,
ulong initrd_addr)
{
char *data_addr;
- u32 setup_size, kernel_size, cmdline_size, initrd_size;
+ u32 setup_size = 0, kernel_size = 0, cmdline_size = 0, initrd_size = 0;
qfw_read_entry(qfw_dev, FW_CFG_SETUP_SIZE, 4, &setup_size);
qfw_read_entry(qfw_dev, FW_CFG_KERNEL_SIZE, 4, &kernel_size);
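Review bot: zero-initialising the four sizes removes the indeterminate read but leaves the root cause in place: per the commit message, qfw_sandbox_read_entry_dma() returns without writing the output buffer, so after this change qemu_fwcfg_setup_kernel() proceeds with setup_size, kernel_size, cmdline_size and initrd_size all equal to 0 and treats that as a successful read. The qfw_read_entry() calls in this hunk also discard their result; if qfw_read_entry() can report that the backend wrote nothing, each call here should be checked (e.g. `if (qfw_read_entry(qfw_dev, FW_CFG_SETUP_SIZE, 4, &setup_size)) return -EIO;`) and, if it cannot, the sandbox DMA path should be made to either fill the buffer or return an error. Keeping the `= 0` initialisation as defence in depth is reasonable, but on its own it turns the crash into a silent zero-size kernel load.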
--
2.43.0
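The failure mode the commit message describes, and the difference between zero-initialising the sizes alone and also checking the read result, as an added C example. This is not U-Boot code: struct fake_qfw, fake_read_entry() and FAKE_CFG_KERNEL_SIZE are constructed stand-ins for the qfw device, qfw_read_entry() and the fw_cfg entry ids, modelling a backend that returns without touching its output buffer.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint32_t u32;

/* Constructed stand-in for a QEMU fw_cfg backend (not U-Boot code).
 * Like the sandbox DMA path in the commit message, it returns without
 * touching the output buffer for an entry it cannot serve. */
struct fake_qfw {
	int has_kernel;   /* 0: KERNEL_SIZE entry absent, output left untouched */
	u32 kernel_size;
};

enum { FAKE_CFG_KERNEL_SIZE = 0x08 };  /* hypothetical entry id */

/* Returns 0 and writes *out on success; returns -ENOENT and leaves *out
 * untouched when the entry is absent. */
static int fake_read_entry(const struct fake_qfw *dev, int entry, u32 size,
			   void *out)
{
	if (size != sizeof(u32))
		return -EINVAL;
	if (entry != FAKE_CFG_KERNEL_SIZE || !dev->has_kernel)
		return -ENOENT;
	memcpy(out, &dev->kernel_size, sizeof(u32));
	return 0;
}

/* Variant 1: what the patch does. Zero-init avoids reading an
 * indeterminate value, but the ignored return value means an absent
 * entry is reported as a successful setup with a 0-byte kernel. */
int setup_kernel_zero_init_only(const struct fake_qfw *dev, u32 *size_out)
{
	u32 kernel_size = 0;

	fake_read_entry(dev, FAKE_CFG_KERNEL_SIZE, 4, &kernel_size);
	*size_out = kernel_size;
	return 0;   /* always "succeeds" */
}

/* Variant 2: initialise AND check the result, so a backend that wrote
 * nothing becomes an error instead of a silent zero-size load. */
int setup_kernel_checked(const struct fake_qfw *dev, u32 *size_out)
{
	u32 kernel_size = 0;
	int ret;

	ret = fake_read_entry(dev, FAKE_CFG_KERNEL_SIZE, 4, &kernel_size);
	if (ret)
		return ret;
	if (!kernel_size)
		return -EINVAL;   /* a zero-length kernel is never loadable */
	*size_out = kernel_size;
	return 0;
}

int main(void)
{
	struct fake_qfw present = { .has_kernel = 1, .kernel_size = 4096 };
	struct fake_qfw absent = { .has_kernel = 0, .kernel_size = 0 };
	u32 sz = 0;
	int ret;

	ret = setup_kernel_zero_init_only(&absent, &sz);
	printf("zero-init only, entry absent:  ret %d, size %u (silent)\n", ret, sz);
	ret = setup_kernel_checked(&absent, &sz);
	printf("checked, entry absent:         ret %d\n", ret);
	ret = setup_kernel_checked(&present, &sz);
	printf("checked, entry present:        ret %d, size %u\n", ret, sz);
	return 0;
}
```

The first variant is well-defined only because of the `= 0`; without it the caller reads an indeterminate stack value, which is the segfault in the commit message. The second variant is what a caller should look like once the backend can signal that it wrote nothing.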