[PATCH] cmd: extension: Fix possible null pointer dereference
Kory Maincent
kory.maincent at bootlin.com
Wed Nov 12 15:50:36 CET 2025
On Wed, 12 Nov 2025 15:12:34 +0100
Quentin Schulz <quentin.schulz at cherry.de> wrote:
> Hi Köry,
>
> On 11/12/25 2:07 PM, Kory Maincent wrote:
> > From: "Kory Maincent (TI.com)" <kory.maincent at bootlin.com>
> >
> > Add a null check for extension_list before calling alist_get_ptr() to
> > prevent a potential null pointer dereference. If extension_get_list()
> > returns NULL, alist_get_ptr() would attempt to dereference it, leading
> > to undefined behavior.
> >
> > The fix ensures both extension_list and its first element are checked
> > before proceeding with the list operation.
> >
> > Closes: https://lists.denx.de/pipermail/u-boot/2025-November/602892.html
> > Fixes: 2d12958ee71b ("boot: Remove legacy extension board support")
> > Signed-off-by: Kory Maincent (TI.com) <kory.maincent at bootlin.com>
> > ---
> > cmd/extension_board.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/cmd/extension_board.c b/cmd/extension_board.c
> > index 86e4795ba8a..1b92be82611 100644
> > --- a/cmd/extension_board.c
> > +++ b/cmd/extension_board.c
> > @@ -99,7 +99,7 @@ static int do_extension_list(struct cmd_tbl *cmdtp, int
> > flag, int i = 0;
> >
> > extension_list = extension_get_list();
> > - if (!alist_get_ptr(extension_list, 0)) {
> > + if (!extension_list || !alist_get_ptr(extension_list, 0)) {
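Review bot: the combined test on the added line, `!extension_list || !alist_get_ptr(extension_list, 0)`, sends a NULL list and a list with no first entry into the same branch, so whatever that branch reports cannot tell the two cases apart. Check `!extension_list` on its own first and give it a separate message or return code, then keep the `alist_get_ptr(extension_list, 0)` test for the no-entry case. A one-line comment stating when extension_get_list() returns NULL would also help, since the hunk does not show it.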
>
> Is it possible that one runs extension scan which returns no supported
> extension (alist_empty(), the default state before calling the scan()
> ops for the extension uclass driver)?
Yes, we can have no extension plugged, therefore the scan won't find any
extension. i.e. empty list.
> In which case, we should only check whether extension_list is NULL and
> not whether there's at least one extension?
extension_list being NULL means that there is no support for board specific
extension driver. Maybe we could have another error message for that case.
"Extension not supported"
> Or at least have a different error code between "scan wasn't run" and
> "scan returned no extension", if that is a distinction we can make?
We could plug or unplug an extension. So it could change over time.
I wrote it similarly to mmc rescan command.
Regards,
--
Köry Maincent, Bootlin
Embedded Linux and kernel engineering
https://bootlin.com