Within commit: 87ec3b7fa9061f470616ed927fc140e995831c00 - "Don't continue to query block-size if disk doesn't have it." a dangling pointer was introduced.
Fix dangling pointer issue in grub_ofdisk_open where devpath is freed and then used again within the call to grub_ofdisk_get_block_size. This solves many memory corruption issues we were seeing. Signed-off-by: Eric Snowberg <eric.snowb...@oracle.com> --- grub-core/disk/ieee1275/ofdisk.c | 7 ++++--- 1 files changed, 4 insertions(+), 3 deletions(-) diff --git a/grub-core/disk/ieee1275/ofdisk.c b/grub-core/disk/ieee1275/ofdisk.c index 331769b..4a5632c 100644 --- a/grub-core/disk/ieee1275/ofdisk.c +++ b/grub-core/disk/ieee1275/ofdisk.c @@ -422,10 +422,11 @@ grub_ofdisk_open (const char *name, grub_disk_t disk) op = ofdisk_hash_find (devpath); if (!op) op = ofdisk_hash_add (devpath, NULL); - else - grub_free (devpath); if (!op) - return grub_errno; + { + grub_free (devpath); + return grub_errno; + } disk->id = (unsigned long) op; disk->data = op->open_path; -- 1.7.1 _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
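Review bot: With `else grub_free (devpath);` removed, the path in grub_ofdisk_open where ofdisk_hash_find returns an existing entry no longer frees devpath anywhere in the visible lines, so the use-after-free may have been traded for a leak on every open of an already-hashed device. The hunk does not show whether ofdisk_hash_add takes ownership of devpath for new entries, or whether the function frees it after the grub_ofdisk_get_block_size call named in the commit message. If neither happens, add a `grub_free (devpath);` after the last use on the found-entry path, and make sure any later error return covers it too. A short comment at the `op = ofdisk_hash_find (devpath);` line stating who owns devpath in each case would keep the next change here from reintroducing the early free.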