An Internal (at Red Hat) static soure code scan detected the issue below,
pointing to an use-after-free scenario so remove the extra file close
call.
Error: USE_AFTER_FREE (CWE-416):
grub-2.06/grub-core/commands/legacycfg.c:194: freed_arg: "grub_file_close"
frees "file".
grub-2.06/grub-core/commands/legacycfg.c:201: deref_arg: Calling
"grub_file_close" dereferences freed pointer "file".
# 199| if (!args)
# 200| {
# 201|-> grub_file_close (file);
# 202| grub_free (suffix);
# 203| grub_free (entrysrc);
Signed-off-by: Leo Sandoval <lsand...@redhat.com>
---
grub-core/commands/legacycfg.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/grub-core/commands/legacycfg.c b/grub-core/commands/legacycfg.c
index e9e9d94ef..3bf9fe2e4 100644
--- a/grub-core/commands/legacycfg.c
+++ b/grub-core/commands/legacycfg.c
@@ -198,7 +198,6 @@ legacy_file (const char *filename)
const char **args = grub_malloc (sizeof (args[0]));
if (!args)
{
- grub_file_close (file);
grub_free (suffix);
grub_free (entrysrc);
return grub_errno;
--
2.46.2
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
