[flashrom] [PATCH] CID1130011: Use after free
Stefan Tauner
stefan.tauner at alumni.tuwien.ac.at
Sat Apr 26 20:48:15 CEST 2014
On Tue, 19 Nov 2013 20:35:57 +0100
Stefan Reinauer <stefan.reinauer at coreboot.org> wrote:
> CID1130011: Use after free
>
> This could cause an immediate crash or incorrect values might be read
> subsequently resulting in incorrect computations.
> In dump_file: A pointer to freed memory is dereferenced, used as a function
> argument, or otherwise used
>
> Signed-off-by: Stefan Reinauer <stefan.reinauer at coreboot.org>
>
> Index: util/ich_descriptors_tool/ich_descriptors_tool.c
> ===================================================================
> --- util/ich_descriptors_tool/ich_descriptors_tool.c (revision 1763)
> +++ util/ich_descriptors_tool/ich_descriptors_tool.c (working copy)
> @@ -77,12 +77,13 @@
> printf("Dumping %u bytes of the %s region from 0x%08x-0x%08x to %s... ",
> file_len, region_names[i], base, limit, fn);
> int fh = open(fn, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR);
> - free(fn);
> if (fh < 0) {
> fprintf(stderr,
> "ERROR: couldn't open(%s): %s\n", fn, strerror(errno));
> + free(fn);
> exit(1);
> }
> + free(fn);
>
> ret = write(fh, &dump[base >> 2], file_len);
> if (ret != file_len) {
Acked-by: Stefan Tauner <stefan.tauner at alumni.tuwien.ac.at>
and committed in r1771, thanks!
--
Kind regards/Mit freundlichen Grüßen, Stefan Tauner
More information about the flashrom
mailing list