diff options
| author | Edward O'Callaghan <eocallaghan@alterapraxis.com> | 2014-03-09 00:05:18 +1100 |
|---|---|---|
| committer | Alexandru Gagniuc <mr.nuke.me@gmail.com> | 2014-04-07 18:34:33 +0200 |
| commit | a0f9ece19c0998a3ecc859edb2f950cdeace47db (patch) | |
| tree | 3ee8489f1c8d44a39bad4e54e1174b1fd3980cff | |
| parent | 7c1a49bcc0520de45ae57054baa86cfd56474c46 (diff) | |
| download | coreboot-staging-a0f9ece19c0998a3ecc859edb2f950cdeace47db.zip coreboot-staging-a0f9ece19c0998a3ecc859edb2f950cdeace47db.tar.gz | |
util/cbfstool: Make cbfs_image_delete() NULL-tolerant.
This fixes a double free crash that occurs when a call to
cbfs_image_from_file() fails in cbfs_extract() and falls though to
cbfs_image_delete() with a NULL-pointer.
To reproduce the crash pass the following arguments where the files
passed, in fact, do not exist. As follows:
./cbfstool build/coreboot.rom extract -n config -f /tmp/config.txt
Change-Id: I2213ff175d0703705a0ec10271b30bb26b6f8d0a
Signed-off-by: Edward O'Callaghan <eocallaghan@alterapraxis.com>
Reviewed-on: http://review.coreboot.org/5353
Tested-by: build bot (Jenkins)
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
| -rw-r--r-- | util/cbfstool/cbfs_image.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/util/cbfstool/cbfs_image.c b/util/cbfstool/cbfs_image.c index b9d5f28..12bc2fe 100644 --- a/util/cbfstool/cbfs_image.c +++ b/util/cbfstool/cbfs_image.c @@ -300,6 +300,9 @@ int cbfs_image_write_file(struct cbfs_image *image, const char *filename) int cbfs_image_delete(struct cbfs_image *image) { + if (image == NULL) + return 0; + buffer_delete(&image->buffer); image->header = NULL; return 0; |
