Author: tsoome
Date: Sun Jan 15 20:03:13 2017
New Revision: 312237
URL: https://svnweb.freebsd.org/changeset/base/312237

Log:
  loader.efi: find_currdev() can leak memory
  
  find_currdev() uses the variable "copy" to store the reference to the trimmed
  devpath pointer; if for some reason efi_devpath_handle() fails, we will
  leak this copy.
  
  Also we can simplify the code there a bit.
  
  Reviewed by:  allanjude
  Approved by:  allanjude (mentor)
  Differential Revision:        https://reviews.freebsd.org/D9191

Modified:
  head/sys/boot/efi/loader/main.c

Modified: head/sys/boot/efi/loader/main.c
==============================================================================
--- head/sys/boot/efi/loader/main.c     Sun Jan 15 19:49:47 2017        
(r312236)
+++ head/sys/boot/efi/loader/main.c     Sun Jan 15 20:03:13 2017        
(r312237)
@@ -219,20 +219,19 @@ find_currdev(EFI_LOADED_IMAGE *img, stru
                if (h == NULL)
                        break;
 
-               if (efi_handle_lookup(h, dev, unit, extra) == 0) {
-                       if (copy != NULL)
-                               free(copy);
+               free(copy);
+               copy = NULL;
+
+               if (efi_handle_lookup(h, dev, unit, extra) == 0)
                        return (0);
-               }
 
-               if (copy != NULL)
-                       free(copy);
                devpath = efi_lookup_devpath(h);
                if (devpath != NULL) {
                        copy = efi_devpath_trim(devpath);
                        devpath = copy;
                }
        }
+       free(copy);
 
        /* Try to fallback on first device */
        if (devsw[0] != NULL) {
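Review bot: After the new `free(copy); copy = NULL;` at the top of the loop body, `devpath` is left pointing at the buffer that was just freed, because the previous iteration ended with `devpath = copy`. It stays dangling until `devpath = efi_lookup_devpath(h)` reassigns it. Nothing in the visible lines reads `devpath` in that window, since `efi_handle_lookup()` only takes `h`, so this is correct as written, but it is fragile: any later change that touches `devpath` between those two statements becomes a use-after-free. Consider moving the free to just before the `efi_lookup_devpath(h)` assignment (with a matching free on the `return (0)` path), or add a one-line comment stating that `devpath` may alias `copy` and must not be used until it is reassigned. A short comment on `copy = NULL` would also help, since that reset is what keeps the `free(copy)` added after the loop from double-freeing when `efi_lookup_devpath()` returns NULL and no new copy is made.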
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
