In grub-core/kern/efi/mm.c, grub_efi_finish_boot_services() has an instance where the memory for the variable finish_mmap_buf is freed, but on the next iteration of a while loop, grub_efi_get_memory_map() uses finish_mmap_buf. To prevent this, we can set finish_mmap_buf to NULL after the free.
Signed-off-by: Alec Brown <alec.r.br...@oracle.com>
---
 grub-core/kern/efi/mm.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c
index 3705b8b1b..c74ccbb05 100644
--- a/grub-core/kern/efi/mm.c
+++ b/grub-core/kern/efi/mm.c
@@ -263,6 +263,7 @@ grub_efi_finish_boot_services (grub_efi_uintn_t *outbuf_size, void *outbuf,
 &finish_desc_size, &finish_desc_version) <= 0)
 {
 grub_free (finish_mmap_buf);
+ finish_mmap_buf = NULL;
 return grub_error (GRUB_ERR_IO, "couldn't retrieve memory map");
 }

@@ -275,10 +276,12 @@ grub_efi_finish_boot_services (grub_efi_uintn_t *outbuf_size, void *outbuf,
 if (status != GRUB_EFI_INVALID_PARAMETER)
 {
 grub_free (finish_mmap_buf);
+ finish_mmap_buf = NULL;
 return grub_error (GRUB_ERR_IO, "couldn't terminate EFI services");
 }

 grub_free (finish_mmap_buf);
+ finish_mmap_buf = NULL;
 grub_printf ("Trying to terminate EFI services again\n");
 }
 grub_efi_is_finished = 1;
--
2.27.0
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
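Review bot: The `finish_mmap_buf = NULL;` added before the first `return grub_error (...)` only has an effect if finish_mmap_buf outlives this call, and neither the hunk nor the commit message says so; the message describes only the retry inside the while loop. If the pointer is file-scope state, as the assignment implies, a short comment at the first free would record why the error paths clear it, for example `/* finish_mmap_buf persists across calls; never leave it pointing at freed memory. */`. The declaration and the top of the loop are outside the hunk, so this is inferred from the visible lines and should be checked against the full file.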
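Review bot: The retry path at the end of the second hunk now hands a NULL buffer to the next grub_efi_get_memory_map() call, but nothing visible resets the size that is passed with it. If that size (presumably `finish_mmap_size`, set outside the hunk) still holds the previous map length, the call describes a non-empty buffer at NULL, and the hunk does not establish whether firmware then reports the needed size or rejects the arguments; a rejection may turn the retry into a hard failure instead of a second attempt. Consider resetting it alongside the pointer, `finish_mmap_size = 0;`, or confirming at the loop head that a NULL buffer is always treated as a size query. The loop head is outside the hunk, so this needs checking against the full function.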