mirror of
https://github.com/u-boot/u-boot.git
synced 2025-04-21 04:14:34 +00:00
cmd: gpt: Fix freeing gpt_pte in gpt_verify()
In case when either gpt_verify_headers() or gpt_verify_partitions()
fails, the memory allocated for gpt_pte will be freed in those functions
internally, but gpt_pte will still contain non-NULL dangling pointer.
The attempt to free it in those cases in gpt_verify() leads to "use
after free" error, which leads to a "Synchronous abort" exception.
This issue was found by running the next command on the device with
incorrect partition table:
=> gpt verify mmc 0 $partitions
which results to:
No partition list provided - only basic check
"Synchronous Abort" handler, esr 0x96000021, far 0xba247bff
....
Fix the issue by only freeing gpt_pte if none of those functions failed.
Fixes: bbb9ffac60 ("gpt: command: Extend gpt command to support GPT table verification")
Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
This commit is contained in:
Sam Protsenko
Tom Rini
parent
b85ecb276b
commit
04c63f134c
1 changed files with 2 additions and 1 deletions
|
|
@ -682,7 +682,8 @@ static int gpt_verify(struct blk_desc *blk_dev_desc, const char *str_part)
|
|||
free(str_disk_guid);
|
||||
free(partitions);
|
||||
out:
|
||||
free(gpt_pte);
|
||||
if (!ret)
|
||||
free(gpt_pte);
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue