On Mon, Oct 07, 2013 at 09:51:48AM -0400, Steven Falco wrote:

> Pass a valid cmdtp into do_tftpb(), do_ext2load(), and do_get_fat(), to avoid
> possible crashes due to null pointer dereferencing.
>
> Signed-off-by: Steven A. Falco <stevenfa...@gmail.com>
>
> ---
>
> > This doesn't apply cleanly, nor with --ignore-whitespace for me. Can
> > you please re-check and re-send the patch? Thanks.
>
> Sorry - I've been having trouble getting Thunderbird to leave my text
> alone. There was some insane "flowed text" setting that I just discovered
> and disabled.
>
> I think I've got it right now. I'll download this email from the list
> after I post it, and do a diff to be sure.
>
> Commit d7884e047d08447dfd1374e9fa2fdf7ab36e56f5 does not go far enough. There
> is still at least one call chain that can result in a crash.
>
> The do_tftpb(), do_ext2load(), and do_get_fat() functions expect a valid
> cmdtp.
> Passing in NULL is particularly bad in the do_tftpb() case, because eventually
> boot_get_kernel() will be called with a NULL cmdtp:
>
> do_tftpb() -> netboot_common() -> bootm_maybe_autostart() -> do_bootm() ->
> do_bootm_states() -> bootm_find_os() -> boot_get_kernel()
>
> Around line 991 in cmd_bootm.c, boot_get_kernel() will dereference the null
> pointer, and the board will crash.

With a reworded commit message to include more details, applied to u-boot/master, thanks!

--
Tom
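
The failure mode discussed in this thread, as an added example that is not part of the original e-mails and is not U-Boot code: a simplified C model in which a caller hands a NULL command-table pointer down a chain of forwarding functions to a callee that reads cmdtp->name. All names here (struct cmd_entry, lookup_cmd, get_kernel, find_os, autostart, load_without_cmdtp, load_with_cmdtp) and the error string are hypothetical stand-ins.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a boot loader command table entry. */
struct cmd_entry { const char *name; };

static const struct cmd_entry cmd_table[] = { {"bootm"}, {"tftpboot"}, {"ext2load"} };

char last_error[64]; /* last error message produced by get_kernel() */

/* Hypothetical helper: find the table entry for a command name. */
const struct cmd_entry *lookup_cmd(const char *name)
{
    for (size_t i = 0; i < sizeof(cmd_table) / sizeof(cmd_table[0]); i++)
        if (strcmp(cmd_table[i].name, name) == 0)
            return &cmd_table[i];
    return NULL;
}

/* Deepest callee: reads cmdtp->name when reporting a bad image.
 * The NULL check is defence in depth; without it a NULL cmdtp is
 * dereferenced here, far away from the caller that supplied it. */
int get_kernel(const struct cmd_entry *cmdtp, int image_ok)
{
    if (cmdtp == NULL)
        return -2;
    if (!image_ok) {
        snprintf(last_error, sizeof(last_error),
                 "bad image for '%s' command", cmdtp->name);
        return -1;
    }
    return 0;
}

/* Intermediate layers only forward the pointer, as in the quoted chain. */
int find_os(const struct cmd_entry *c, int ok) { return get_kernel(c, ok); }
int autostart(const struct cmd_entry *c, int ok) { return find_os(c, ok); }

/* Caller before the fix: no command table entry is passed down. */
int load_without_cmdtp(int ok) { return autostart(NULL, ok); }
/* Caller after the fix: a valid entry is looked up and passed down. */
int load_with_cmdtp(int ok) { return autostart(lookup_cmd("tftpboot"), ok); }

int main(void)
{
    printf("%d %d\n", load_without_cmdtp(0), load_with_cmdtp(0));
    return 0;
}
```

The callee-side check turns the crash into an error return, but it is the caller-side change (passing a real entry) that lets the error path name the command.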