* [PATCH] x86: fix BAD_FREE in get_efi_runtime_map()
@ 2018-10-22 7:54 Pingfan Liu
2018-10-29 10:12 ` Simon Horman
0 siblings, 1 reply; 2+ messages in thread
From: Pingfan Liu @ 2018-10-22 7:54 UTC (permalink / raw)
To: kexec
If the err_out label is reached, address of a stack variable is passed to
free(). Fix it.
Signed-off-by: Pingfan Liu <piliu@redhat.com>
---
kexec/arch/i386/x86-linux-setup.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/kexec/arch/i386/x86-linux-setup.c b/kexec/arch/i386/x86-linux-setup.c
index 6c7d260..6cda12c 100644
--- a/kexec/arch/i386/x86-linux-setup.c
+++ b/kexec/arch/i386/x86-linux-setup.c
@@ -595,8 +595,8 @@ static int get_efi_runtime_map(struct efi_mem_descriptor **map)
closedir(dirp);
return nr_maps;
err_out:
- if (map)
- free(map);
+ if (*map)
+ free(*map);
closedir(dirp);
return 0;
}
--
2.7.4
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2018-10-29 10:12 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-10-22 7:54 [PATCH] x86: fix BAD_FREE in get_efi_runtime_map() Pingfan Liu
2018-10-29 10:12 ` Simon Horman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox