[PATCH] cmd: extension: Fix possible null pointer dereference
Heinrich Schuchardt
heinrich.schuchardt at canonical.com
Mon Nov 17 12:06:28 CET 2025
On 11/12/25 14:07, Kory Maincent wrote:
> From: "Kory Maincent (TI.com)" <kory.maincent at bootlin.com>
>
> Add a null check for extension_list before calling alist_get_ptr() to
> prevent a potential null pointer dereference. If extension_get_list()
> returns NULL, alist_get_ptr() would attempt to dereference it, leading
> to undefined behavior.
>
> The fix ensures both extension_list and its first element are checked
> before proceeding with the list operation.
>
> Closes: https://lists.denx.de/pipermail/u-boot/2025-November/602892.html
> Fixes: 2d12958ee71b ("boot: Remove legacy extension board support")
Please, add
Addresses-Coverity-ID: 638557 - Null pointer dereferences
(NULL_RETURNS)
so that we know that the Coverity issue was addressed.
> Signed-off-by: Kory Maincent (TI.com) <kory.maincent at bootlin.com>
> ---
> cmd/extension_board.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/cmd/extension_board.c b/cmd/extension_board.c
> index 86e4795ba8a..1b92be82611 100644
> --- a/cmd/extension_board.c
> +++ b/cmd/extension_board.c
> @@ -99,7 +99,7 @@ static int do_extension_list(struct cmd_tbl *cmdtp, int flag,
> int i = 0;
>
> extension_list = extension_get_list();
> - if (!alist_get_ptr(extension_list, 0)) {
> + if (!extension_list || !alist_get_ptr(extension_list, 0)) {
> printf("No extension registered - Please run \"extension scan\"\n");
> return CMD_RET_SUCCESS;
If extension_list is NULL scanning, there is no extension device and
nothing to scan. We should separate the two cases.
See my suggested patch
[PATCH 1/1] cmd/extension: avoid NULL pointer dereference
https://lore.kernel.org/u-boot/20251116114153.118217-1-heinrich.schuchardt@canonical.com/
Best regards
Heinrich
> }
More information about the U-Boot
mailing list