[PATCH 2/5] efi_selftest: fix buffer overflow and memory leak
Ilias Apalodimas
ilias.apalodimas at linaro.org
Fri Feb 20 10:10:48 CET 2026
On Thu, 19 Feb 2026 at 20:44, Vincent Stehlé <vincent.stehle at arm.com> wrote:
>
> The test of the UEFI UninstallMultipleProtocolInterfaces() function clears
> a buffer returned by LocateHandleBuffer() at some point, but there is an
> error in the size computation, which leads to a buffer overflow.
> The buffer is also never freed, which leads to a memory leak.
>
> As the buffer is in fact not reused during the test, fix both errors by
> simply freeing the buffer.
>
> Fixes: 927ca890b09f ("efi_selftest: test protocol management")
> Signed-off-by: Vincent Stehlé <vincent.stehle at arm.com>
> Cc: Heinrich Schuchardt <xypron.glpk at gmx.de>
> Cc: Ilias Apalodimas <ilias.apalodimas at linaro.org>
> Cc: Tom Rini <trini at konsulko.com>
> ---
Reviewed-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>
> lib/efi_selftest/efi_selftest_manageprotocols.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/lib/efi_selftest/efi_selftest_manageprotocols.c b/lib/efi_selftest/efi_selftest_manageprotocols.c
> index ccffa59095d..0334a074866 100644
> --- a/lib/efi_selftest/efi_selftest_manageprotocols.c
> +++ b/lib/efi_selftest/efi_selftest_manageprotocols.c
> @@ -319,7 +319,12 @@ static int execute(void)
> efi_st_error("Failed to locate new handle\n");
> return EFI_ST_FAILURE;
> }
> - boottime->set_mem(buffer, sizeof(efi_handle_t) * buffer_size, 0);
> + /* Release buffer */
> + ret = boottime->free_pool(buffer);
> + if (ret != EFI_SUCCESS) {
> + efi_st_error("FreePool failed\n");
> + return EFI_ST_FAILURE;
> + }
>
> /*
> * Test ProtocolsPerHandle
> --
> 2.51.0
>
More information about the U-Boot
mailing list