Edward O'Callaghan (eocallaghan@alterapraxis.com) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/5353
-gerrit
commit 9f43ecd0367ec6b27c0926e9bcdf673c819fce81
Author: Edward O'Callaghan eocallaghan@alterapraxis.com
Date: Sun Mar 9 00:05:18 2014 +1100
util/cbfstool: Make cbfs_image_delete() NULL-tolerant.
This fixes a double free crash that occurs when a call to cbfs_image_from_file() fails in cbfs_extract() and falls through to cbfs_image_delete() with a NULL-pointer.
To reproduce the crash, pass the following arguments where the files passed, in fact, do not exist, as follows: ./cbfstool build/coreboot.rom extract -n config -f /tmp/config.txt
Change-Id: I2213ff175d0703705a0ec10271b30bb26b6f8d0a Signed-off-by: Edward O'Callaghan eocallaghan@alterapraxis.com --- util/cbfstool/cbfs_image.c | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/util/cbfstool/cbfs_image.c b/util/cbfstool/cbfs_image.c index b9d5f28..12bc2fe 100644 --- a/util/cbfstool/cbfs_image.c +++ b/util/cbfstool/cbfs_image.c @@ -300,6 +300,9 @@ int cbfs_image_write_file(struct cbfs_image *image, const char *filename)
int cbfs_image_delete(struct cbfs_image *image) { + if (image == NULL) + return 0; + buffer_delete(&image->buffer); image->header = NULL; return 0;
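Review bot: the new "if (image == NULL) return 0;" guard at the top of cbfs_image_delete() protects the "buffer_delete(&image->buffer)" and "image->header = NULL" lines from a NULL pointer dereference, which does not match the "double free" wording in the commit message. If the crash really is a double free of the buffer, a non-NULL image would still reach buffer_delete() a second time and this check would not help, so please either reword the message to say NULL dereference or show where the second free comes from. It would also be worth a one-line comment above the function stating that a NULL image is accepted and treated as a no-op (as free() does), and the failure path in cbfs_extract() that falls through to the delete deserves a look of its own, since only the callee is changed here.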