Djam/arm-trusted-firmware
1
0
Fork 0
mirror of https://github.com/ARM-software/arm-trusted-firmware.git synced 2025-04-26 06:50:10 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fiptool: Fix use after free

Browse source 
Commit 880b9e8b4c (Add padding at the end
of the last entry) added code using toc_entry pointer, whose memory is
already freed via variable buf. This causes enormous padding on openSUSE.

Free the memory buffer only after padding is done.

Signed-off-by: Andreas Färber <afaerber@suse.de>
This commit is contained in:
Andreas Färber 2018-01-27 16:46:59 +01:00
parent f478253da8
commit 8e4cdd2210
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
tools/fiptool/fiptool.c
View file

@ -543,7 +543,6 @@ static int pack_images(const char *filename, uint64_t toc_flags, unsigned long a
log_dbgx("Metadata size: %zu bytes", buf_size); log_dbgx("Metadata size: %zu bytes", buf_size);
xfwrite(buf, buf_size, fp, filename); xfwrite(buf, buf_size, fp, filename);
free(buf);
if (verbose) if (verbose)
log_dbgx("Payload size: %zu bytes", payload_size); log_dbgx("Payload size: %zu bytes", payload_size);
@ -566,6 +565,7 @@ static int pack_images(const char *filename, uint64_t toc_flags, unsigned long a
while (pad_size--) while (pad_size--)
fputc(0x0, fp); fputc(0x0, fp);
free(buf);
fclose(fp); fclose(fp);
return 0; return 0;
} }