[flashrom] [PATCH] CID1130011: Use after free

Stefan Tauner stefan.tauner at alumni.tuwien.ac.at
Sat Apr 26 20:48:15 CEST 2014


On Tue, 19 Nov 2013 20:35:57 +0100
Stefan Reinauer <stefan.reinauer at coreboot.org> wrote:

> CID1130011: Use after free
> 
> This could cause an immediate crash or incorrect values might be read
> subsequently resulting in incorrect computations.
> In dump_file: A pointer to freed memory is dereferenced, used as a function
> argument, or otherwise used
> 
> Signed-off-by: Stefan Reinauer <stefan.reinauer at coreboot.org>
> 
> Index: util/ich_descriptors_tool/ich_descriptors_tool.c
> ===================================================================
> --- util/ich_descriptors_tool/ich_descriptors_tool.c	(revision 1763)
> +++ util/ich_descriptors_tool/ich_descriptors_tool.c	(working copy)
> @@ -77,12 +77,13 @@
>  	printf("Dumping %u bytes of the %s region from 0x%08x-0x%08x to %s... ",
>  	       file_len, region_names[i], base, limit, fn);
>  	int fh = open(fn, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR);
> -	free(fn);
>  	if (fh < 0) {
>  		fprintf(stderr,
>  			"ERROR: couldn't open(%s): %s\n", fn, strerror(errno));
> +		free(fn);
>  		exit(1);
>  	}
> +	free(fn);
>  
>  	ret = write(fh, &dump[base >> 2], file_len);
>  	if (ret != file_len) {
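Review bot: the free(fn) added inside the `if (fh < 0)` branch sits directly before `exit(1)`, so it has no effect at run time and exists only to keep the two paths symmetric for the analyzer; a short comment saying so, or dropping it, would make it clear that the fix itself is the move of the other free(fn) to after the branch, where fn is no longer read by the fprintf. Separately, the context line `open(fn, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR)` has no O_TRUNC, so writing file_len bytes into an existing, longer file would leave old bytes after the dumped region; consider adding O_TRUNC in a follow-up.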

Acked-by: Stefan Tauner <stefan.tauner at alumni.tuwien.ac.at>
and committed in r1771, thanks!

-- 
Kind regards/Mit freundlichen Grüßen, Stefan Tauner



