From mboxrd@z Thu Jan 1 00:00:00 1970 From: Roy Franz Subject: [PATCH for-4.5 V6 13/14] Fix freeing of uninitialized pointer Date: Tue, 23 Sep 2014 22:03:11 -0700 Message-ID: <1411534992-27443-14-git-send-email-roy.franz@linaro.org> References: <1411534992-27443-1-git-send-email-roy.franz@linaro.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <1411534992-27443-1-git-send-email-roy.franz@linaro.org> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: xen-devel@lists.xen.org, ian.campbell@citrix.com, stefano.stabellini@citrix.com, tim@xen.org, jbeulich@suse.com, keir@xen.org Cc: Roy Franz , fu.wei@linaro.org List-Id: xen-devel@lists.xenproject.org The only valid response from the LocateHandle() call is EFI_BUFFER_TOO_SMALL, so exit if we get anything else. We pass a 0 size/NULL pointer buffer, so the only other returns we will get is an error. Return right away as there is nothing to do. Also return if there is an error allocating the buffer, as the previous code path also allowed for an undefined pointer to be freed. Signed-off-by: Roy Franz --- xen/common/efi/boot.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/xen/common/efi/boot.c b/xen/common/efi/boot.c index d5c9355..54db5c9 100644 --- a/xen/common/efi/boot.c +++ b/xen/common/efi/boot.c @@ -582,9 +582,15 @@ static void __init setup_efi_pci(void) status = efi_bs->LocateHandle(ByProtocol, &pci_guid, NULL, &size, NULL); if ( status == EFI_BUFFER_TOO_SMALL ) status = efi_bs->AllocatePool(EfiLoaderData, size, (void **)&handles); + else + return; + if ( !EFI_ERROR(status) ) status = efi_bs->LocateHandle(ByProtocol, &pci_guid, NULL, &size, handles); + else + return; + if ( EFI_ERROR(status) ) size = 0; -- 2.1.0
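Review bot: The two added `else return;` branches in setup_efi_pci() hang off single-statement `if`s whose bodies are the success path, so the early exits are easy to misread. Testing the failure first would be clearer: `if ( status != EFI_BUFFER_TOO_SMALL ) return;` before the AllocatePool() call, and `if ( EFI_ERROR(status) ) return;` directly after it. A short comment at the first return, saying that the zero-size/NULL-buffer LocateHandle() probe can only yield EFI_BUFFER_TOO_SMALL or an error, would record why a success status is not handled there. The unchanged `if ( EFI_ERROR(status) ) size = 0;` path after the second LocateHandle() now always runs with an allocated `handles`, so please confirm that the code following this hunk still frees the buffer when `size` is forced to 0.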