[coreboot-gerrit] New patch to review for coreboot: e41ab71 nvramtool: cmos_read(): Use malloc() instead of alloca()
Andrew Engelbrecht (sudoman@ninthfloor.org)
gerrit at coreboot.org
Mon Dec 1 20:06:32 CET 2014
Andrew Engelbrecht (sudoman at ninthfloor.org) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/7620
-gerrit
commit e41ab71f527ffc4627b5ea059e2913b0e97159f9
Author: Andrew Engelbrecht <sudoman at ninthfloor.org>
Date: Mon Dec 1 12:22:48 2014 -0500
nvramtool: cmos_read(): Use malloc() instead of alloca()
Fixes crash occurring when 'nvramtool -a' tried to free a prematurely
freed pointer. (Tested on x60)
malloc() is correct because the pointer is accessed outside the calling
function. The pointer is freed in the parent function list_cmos_entry().
Change-Id: I1723f09740657f0f0d9e6954bd6d11c0a3820a42
Signed-off-by: Andrew Engelbrecht <sudoman at ninthfloor.org>
---
util/nvramtool/cmos_lowlevel.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/util/nvramtool/cmos_lowlevel.c b/util/nvramtool/cmos_lowlevel.c
index 618e8d2..c46e480 100644
--- a/util/nvramtool/cmos_lowlevel.c
+++ b/util/nvramtool/cmos_lowlevel.c
@@ -112,6 +112,9 @@ static inline void put_bits(unsigned char value, unsigned bit,
* Read value from nonvolatile RAM at position given by 'bit' and 'length'
* and return this value. The I/O privilege level of the currently executing
* process must be set appropriately.
+ *
+ * Returned value is either (unsigned long long), or malloc()'d (char *)
+ * cast to (unsigned long long)
****************************************************************************/
unsigned long long cmos_read(const cmos_entry_t * e)
{
@@ -126,7 +129,7 @@ unsigned long long cmos_read(const cmos_entry_t * e)
if (e->config == CMOS_ENTRY_STRING) {
int strsz = (length + 7) / 8;
- char *newstring = alloca(strsz);
+ char *newstring = malloc(strsz);
unsigned usize = (8 * sizeof(unsigned long long));
if (!newstring) {
More information about the coreboot-gerrit
mailing list