
dummyflasher.c: Prevent use-after-free bug

The memory for the `status` string is aliased by the `endptr` pointer.
Moreover, `errno` could have been modified by the call to `free()`.
Therefore, only free the former when there are no more uses of either.

Change-Id: I1b56834004fe18918213a7df0a09a8a7ecb56985
Signed-off-by: Angel Pons <th3fanbus@gmail.com>
Reviewed-on: https://review.coreboot.org/c/flashrom/+/54909
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Anastasia Klimchuk <aklm@chromium.org>
Angel Pons 2021-05-25 13:03:24 +02:00 committed by Edward O'Callaghan
parent 2ef2efa0fa
commit be5af628bd


@ -962,12 +962,13 @@ int dummy_init(void)
if (status) {
errno = 0;
data->emu_status = strtoul(status, &endptr, 0);
free(status);
if (errno != 0 || status == endptr) {
free(status);
msg_perr("Error: initial status register specified, "
"but the value could not be converted.\n");
return 1;
}
free(status);
msg_pdbg("Initial status register is set to 0x%02x.\n",
data->emu_status);
}
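Review bot: The check `errno != 0 || status == endptr` still accepts a value followed by stray characters, and the `unsigned long` from `strtoul` is stored in `data->emu_status` with no upper bound. The `%02x` format suggests an 8-bit register, but the field's type is not visible in this hunk, so the limit needs confirming. Because `free(status)` now comes after the checks, `endptr` can be dereferenced safely: keep the result in a local with `unsigned long value = strtoul(status, &endptr, 0);`, test `if (errno != 0 || status == endptr || *endptr != '\0' || value > 0xff) {`, and assign `data->emu_status = value;` only on success. `dummy_init` starts and ends outside the hunk, so whether `data` is released on the `return 1` path cannot be judged from here and is worth checking.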