[coreboot-gerrit] New patch to review for coreboot: e41ab71 nvramtool: cmos_read(): Use malloc() instead of alloca()

Andrew Engelbrecht (sudoman@ninthfloor.org) gerrit at coreboot.org
Mon Dec 1 20:06:32 CET 2014


Andrew Engelbrecht (sudoman at ninthfloor.org) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/7620

-gerrit

commit e41ab71f527ffc4627b5ea059e2913b0e97159f9
Author: Andrew Engelbrecht <sudoman at ninthfloor.org>
Date:   Mon Dec 1 12:22:48 2014 -0500

    nvramtool: cmos_read(): Use malloc() instead of alloca()
    
    Fixes crash occurring when 'nvramtool -a' tried to free a prematurely
    freed pointer. (Tested on x60)
    
    malloc() is correct because the pointer is accessed outside the calling
    function. The pointer is freed in the parent function list_cmos_entry().
    
    Change-Id: I1723f09740657f0f0d9e6954bd6d11c0a3820a42
    Signed-off-by: Andrew Engelbrecht <sudoman at ninthfloor.org>
---
 util/nvramtool/cmos_lowlevel.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/util/nvramtool/cmos_lowlevel.c b/util/nvramtool/cmos_lowlevel.c
index 618e8d2..c46e480 100644
--- a/util/nvramtool/cmos_lowlevel.c
+++ b/util/nvramtool/cmos_lowlevel.c
@@ -112,6 +112,9 @@ static inline void put_bits(unsigned char value, unsigned bit,
  * Read value from nonvolatile RAM at position given by 'bit' and 'length'
  * and return this value.  The I/O privilege level of the currently executing
  * process must be set appropriately.
+ *
+ * Returned value is either (unsigned long long), or malloc()'d (char *)
+ * cast to (unsigned long long)
  ****************************************************************************/
 unsigned long long cmos_read(const cmos_entry_t * e)
 {
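Review bot: the comment lines added above cmos_read() document the malloc()'d return value but not who owns it or when that form is returned. Suggest stating that the pointer form is returned only when e->config == CMOS_ENTRY_STRING and that the caller must free() it, since the commit message names list_cmos_entry() as the only place that does so. Passing a pointer back through (unsigned long long) also relies on that type being at least as wide as a pointer, which deserves a short remark in the same comment.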
@@ -126,7 +129,7 @@ unsigned long long cmos_read(const cmos_entry_t * e)
 
 	if (e->config == CMOS_ENTRY_STRING) {
 		int strsz = (length + 7) / 8;
-		char *newstring = alloca(strsz);
+		char *newstring = malloc(strsz);
 		unsigned usize = (8 * sizeof(unsigned long long));
 
 		if (!newstring) {
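Review bot: at `char *newstring = malloc(strsz);` the buffer now outlives cmos_read(), so every caller that can pass a CMOS_ENTRY_STRING entry has to free the result, yet the diffstat shows only cmos_lowlevel.c changed. The commit message names list_cmos_entry() as freeing the pointer; please confirm no other caller receives a string entry and drops it, because that path would now leak. Also check that the body of the existing `if (!newstring)` test handles a real allocation failure sensibly, and that <stdlib.h> is included in this file for malloc().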


