CID1130011: Use after free
This could cause an immediate crash or incorrect values might be read subsequently resulting in incorrect computations. In dump_file: A pointer to freed memory is dereferenced, used as a function argument, or otherwise used
Signed-off-by: Stefan Reinauer stefan.reinauer@coreboot.org
Index: util/ich_descriptors_tool/ich_descriptors_tool.c =================================================================== --- util/ich_descriptors_tool/ich_descriptors_tool.c (revision 1763) +++ util/ich_descriptors_tool/ich_descriptors_tool.c (working copy) @@ -77,12 +77,13 @@ printf("Dumping %u bytes of the %s region from 0x%08x-0x%08x to %s... ", file_len, region_names[i], base, limit, fn); int fh = open(fn, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR); - free(fn); if (fh < 0) { fprintf(stderr, "ERROR: couldn't open(%s): %s\n", fn, strerror(errno)); + free(fn); exit(1); } + free(fn);
ret = write(fh, &dump[base >> 2], file_len); if (ret != file_len) {
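Review bot: the second free(fn), placed just before ret = write(fh, ...), is only safe if nothing later in dump_file touches fn, and the hunk's context stops at if (ret != file_len) {, so that cannot be confirmed from here. If the write-failure message names the output file, the same use-after-free returns one branch further down. Releasing fn once, after the last point where it can be printed (after the write check and close), would rule that out. In the if (fh < 0) branch the added free(fn) is followed directly by exit(1), so it is harmless but redundant. Keeping a single release point would also avoid having two frees to keep in sync when this function is next edited. Separate from the fix: the open() call in the context line uses O_WRONLY | O_CREAT without O_TRUNC, so dumping over an existing file longer than file_len leaves the old trailing bytes in place. Worth a follow-up patch if that is not intended.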
On Tue, 19 Nov 2013 20:35:57 +0100 Stefan Reinauer stefan.reinauer@coreboot.org wrote:
CID1130011: Use after free
This could cause an immediate crash or incorrect values might be read subsequently resulting in incorrect computations. In dump_file: A pointer to freed memory is dereferenced, used as a function argument, or otherwise used
Signed-off-by: Stefan Reinauer stefan.reinauer@coreboot.org
Index: util/ich_descriptors_tool/ich_descriptors_tool.c
--- util/ich_descriptors_tool/ich_descriptors_tool.c (revision 1763) +++ util/ich_descriptors_tool/ich_descriptors_tool.c (working copy) @@ -77,12 +77,13 @@ printf("Dumping %u bytes of the %s region from 0x%08x-0x%08x to %s... ", file_len, region_names[i], base, limit, fn); int fh = open(fn, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR);
- free(fn); if (fh < 0) { fprintf(stderr, "ERROR: couldn't open(%s): %s\n", fn, strerror(errno));
free(fn);
exit(1); }
free(fn);
ret = write(fh, &dump[base >> 2], file_len); if (ret != file_len) {
Acked-by: Stefan Tauner stefan.tauner@alumni.tuwien.ac.at and committed in r1771, thanks!