When blk_get_dev() fails, block NULL and gets de-referenced in the error path by a printf(), resulting in a crash.
This can be reproduced on sandbox with: $ ./u-boot --command "bcb load mmc 0 0" Fix the message by using the functions arguments (iface, devnum) instead. Note: partition (being a global static initialized) can be used safely. This issue has been reported by coverity [1] [1] https://lore.kernel.org/all/20240723141844.GF989285@bill-the-cat/ Fixes: dfeb4f0d7935 ("cmd: bcb: extend BCB C API to allow read/write the fields") Signed-off-by: Mattijs Korpershoek <mkorpersh...@baylibre.com> --- cmd/bcb.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cmd/bcb.c b/cmd/bcb.c index fe6d6cb2c381..97a96c009641 100644 --- a/cmd/bcb.c +++ b/cmd/bcb.c @@ -172,8 +172,8 @@ static int __bcb_initialize(const char *iface, int devnum, const char *partp) return CMD_RET_SUCCESS; err_read_fail: - printf("Error: %d %d:%s read failed (%d)\n", block->uclass_id, - block->devnum, partition->name, ret); + printf("Error: %s %d:%s read failed (%d)\n", iface, devnum, + partition->name, ret); __bcb_reset(); return CMD_RET_FAILURE; } --- base-commit: f659ba43837e5ae5a35fdff3736c8e13f9062abd change-id: 20240724-bcb-crash-a491e603612d Best regards, -- Mattijs Korpershoek <mkorpersh...@baylibre.com>
