
[Xen-changelog] [xen stable-4.3] x86/EFI: fix freeing of uninitialized pointer



commit f73bada970ae0c687abe2a4ec1aa0bb960c1dfe8
Author:     Roy Franz <roy.franz@xxxxxxxxxx>
AuthorDate: Fri Oct 17 16:03:50 2014 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Fri Oct 17 16:03:50 2014 +0200

    x86/EFI: fix freeing of uninitialized pointer
    
    The only valid response from the LocateHandle() call is EFI_BUFFER_TOO_SMALL,
    so exit if we get anything else.  We pass a 0 size/NULL pointer buffer, so the
    only other returns we will get is an error.  Return right away as there is
    nothing to do.  Also return if there is an error allocating the buffer, as the
    previous code path also allowed for an undefined pointer to be freed.
    
    Signed-off-by: Roy Franz <roy.franz@xxxxxxxxxx>
    
    Re-structure the change.
    
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    master commit: c61690fb76f9a51a8c932d76929b67bd0940febe
    master date: 2014-09-24 11:09:11 +0200
---
 xen/arch/x86/efi/boot.c |   11 ++++++-----
 1 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/xen/arch/x86/efi/boot.c b/xen/arch/x86/efi/boot.c
index 68c9abe..7eabcea 100644
--- a/xen/arch/x86/efi/boot.c
+++ b/xen/arch/x86/efi/boot.c
@@ -594,11 +594,12 @@ static void __init setup_efi_pci(void)
     struct efi_pci_rom *last = NULL;
 
     status = efi_bs->LocateHandle(ByProtocol, &pci_guid, NULL, &size, NULL);
-    if ( status == EFI_BUFFER_TOO_SMALL )
-        status = efi_bs->AllocatePool(EfiLoaderData, size, (void **)&handles);
-    if ( !EFI_ERROR(status) )
-        status = efi_bs->LocateHandle(ByProtocol, &pci_guid, NULL, &size,
-                                      handles);
+    if ( status != EFI_BUFFER_TOO_SMALL )
+        return;
+    status = efi_bs->AllocatePool(EfiLoaderData, size, (void **)&handles);
+    if ( EFI_ERROR(status) )
+        return;
+    status = efi_bs->LocateHandle(ByProtocol, &pci_guid, NULL, &size, handles);
     if ( EFI_ERROR(status) )
         size = 0;
 
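Review bot: the third error path, `if ( EFI_ERROR(status) ) size = 0;` after the second LocateHandle() call, still falls through while the two new checks above it return, and at that point `handles` holds a pool allocation. The code after this hunk is not visible here, so it is worth confirming that the fall-through with `size = 0` reaches a FreePool of `handles`; if it does, a one-line comment saying so would explain why this path does not return like the others. Separately, the new `if ( status != EFI_BUFFER_TOO_SMALL ) return;` would benefit from a short comment carrying the reasoning from the commit message (a zero-size probe with a NULL buffer can only yield EFI_BUFFER_TOO_SMALL or an error), since without it the check reads as if a successful return were being discarded.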
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.3
