	dummyflasher.c: Prevent use-after-free bug
The memory for the `status` string is aliased by the `endptr` pointer. Moreover, `errno` could have been modified by the call to `free()`. Therefore, only free the former when there are no more uses of either. Change-Id: I1b56834004fe18918213a7df0a09a8a7ecb56985 Signed-off-by: Angel Pons <th3fanbus@gmail.com> Reviewed-on: https://review.coreboot.org/c/flashrom/+/54909 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Edward O'Callaghan <quasisec@chromium.org> Reviewed-by: Anastasia Klimchuk <aklm@chromium.org>
		 Angel Pons
					Angel Pons
				
			
				
					committed by
					
						 Edward O'Callaghan
						Edward O'Callaghan
					
				
			
			
				
	
			
			
			 Edward O'Callaghan
						Edward O'Callaghan
					
				
			
						parent
						
							2ef2efa0fa
						
					
				
				
					commit
					be5af628bd
				
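--- a/dummyflasher.c
+++ b/dummyflasher.c
@@ -962,12 +962,13 @@ int dummy_init(void)
 	if (status) {
 		errno = 0;
 		data->emu_status = strtoul(status, &endptr, 0);
-		free(status);
 		if (errno != 0 || status == endptr) {
+			free(status);
 			msg_perr("Error: initial status register specified, "
 				 "but the value could not be converted.\n");
 			return 1;
 		}
+		free(status);
 		msg_pdbg("Initial status register is set to 0x%02x.\n",
 			 data->emu_status);
 	}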
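Review bot: The conversion check `if (errno != 0 || status == endptr)` still accepts a value followed by trailing characters, because it only rejects input where no digits were consumed. Now that `status` stays allocated until after the check, the condition can safely inspect the terminator as well: `if (errno != 0 || status == endptr || *endptr != '\0') {`. The `0x%02x` format in the debug message suggests `emu_status` is an 8-bit field, in which case the `unsigned long` returned by `strtoul()` would be silently truncated for values above 0xff; the field's type is not visible in this hunk, so confirm and add a range check before the assignment if so. dummy_init's body starts and ends outside the hunk.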