[flashrom] [PATCH] CID1130011: Use after free

Stefan Reinauer stefan.reinauer at coreboot.org
Tue Nov 19 20:35:57 CET 2013


CID1130011: Use after free

This could cause an immediate crash or incorrect values might be read
subsequently resulting in incorrect computations.
In dump_file: A pointer to freed memory is dereferenced, used as a function
argument, or otherwise used.

Signed-off-by: Stefan Reinauer <stefan.reinauer at coreboot.org>

Index: util/ich_descriptors_tool/ich_descriptors_tool.c
===================================================================
--- util/ich_descriptors_tool/ich_descriptors_tool.c	(revision 1763)
+++ util/ich_descriptors_tool/ich_descriptors_tool.c	(working copy)
@@ -77,12 +77,13 @@
 	printf("Dumping %u bytes of the %s region from 0x%08x-0x%08x to %s... ",
 	       file_len, region_names[i], base, limit, fn);
 	int fh = open(fn, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR);
-	free(fn);
 	if (fh < 0) {
 		fprintf(stderr,
 			"ERROR: couldn't open(%s): %s\n", fn, strerror(errno));
+		free(fn);
 		exit(1);
 	}
+	free(fn);
 
 	ret = write(fh, &dump[base >> 2], file_len);
 	if (ret != file_len) {
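
Review bot: The free(fn) added inside the if (fh < 0) branch runs immediately before exit(1), so it releases nothing that process exit would not, and it leaves fn with two release points that must stay in sync if this function is changed later. Either drop the error-path free and keep only the one after the block, or keep both and note in a comment that the first exists for leak checkers. The ordering itself is right: fn is now read by fprintf before it is freed, and strerror(errno) is evaluated before any free() call can disturb errno. Separately, in the unchanged context, open() is called with O_WRONLY | O_CREAT but no O_TRUNC, so a pre-existing file longer than file_len keeps its old trailing bytes after the write; that is outside this fix but worth a follow-up patch.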



