[PATCH] efi_loader: fix memory leak in efi_var_collect

Heinrich Schuchardt heinrich.schuchardt at canonical.com
Sun Jun 21 10:25:58 CEST 2026


On 6/19/26 10:38, Ilias Apalodimas wrote:
> Barebox has now ported some of the UEFI code. In the process
> they found some bugs.
> 
> In this case when the variable buffer is too small, efi_var_collect()
> returns EFI_BUFFER_TOO_SMALL but doesn't free the allocated 'buf'.
> 
> Fixes: 5f7dcf079de8c ("efi_loader: UEFI variable persistence")
> Signed-off-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>

Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt at canonical.com>

> ---
>   lib/efi_loader/efi_var_common.c | 4 +++-
>   1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/lib/efi_loader/efi_var_common.c b/lib/efi_loader/efi_var_common.c
> index d63c2d1b1cd8..e51b21fe0b0d 100644
> --- a/lib/efi_loader/efi_var_common.c
> +++ b/lib/efi_loader/efi_var_common.c
> @@ -446,8 +446,10 @@ efi_status_t __maybe_unused efi_var_collect(struct efi_var_file **bufp, loff_t *
>   		efi_status_t ret;
>   
>   		if ((uintptr_t)buf + len <=
> -		    (uintptr_t)var->name + old_var_name_length)
> +		    (uintptr_t)var->name + old_var_name_length) {
> +			free(buf);
>   			return EFI_BUFFER_TOO_SMALL;
> +		}
>   
>   		var_name_length = (uintptr_t)buf + len - (uintptr_t)var->name;
>   		memcpy(var->name, old_var->name, old_var_name_length);
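
Review bot: In the new EFI_BUFFER_TOO_SMALL branch, free(buf) is correct only if the caller's *bufp cannot still refer to that buffer, and this hunk does not show where *bufp is assigned. The function takes struct efi_var_file **bufp, so please confirm *bufp is written only on the success path, or clear it before returning, otherwise the caller may keep or free a stale pointer. The same block declares efi_status_t ret, so any other early return in this loop should release buf the same way. A single cleanup label would keep the exit paths consistent.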


