Date: Sun, 15 Jan 2017 20:03:13 +0000 (UTC) From: Toomas Soome <tsoome@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r312237 - head/sys/boot/efi/loader Message-ID: <201701152003.v0FK3Dxh035142@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: tsoome Date: Sun Jan 15 20:03:13 2017 New Revision: 312237 URL: https://svnweb.freebsd.org/changeset/base/312237 Log: loader.efi: find_currdev() can leak memory The find_currdev() is using variable "copy" to store the reference to trimmed devpath pointer, if for some reason the efi_devpath_handle() fails, we will leak this copy. Also we can simplify the code there a bit. Reviewed by: allanjude Approved by: allanjude (mentor) Differential Revision: https://reviews.freebsd.org/D9191 Modified: head/sys/boot/efi/loader/main.c Modified: head/sys/boot/efi/loader/main.c ============================================================================== --- head/sys/boot/efi/loader/main.c Sun Jan 15 19:49:47 2017 (r312236) +++ head/sys/boot/efi/loader/main.c Sun Jan 15 20:03:13 2017 (r312237) @@ -219,20 +219,19 @@ find_currdev(EFI_LOADED_IMAGE *img, stru if (h == NULL) break; - if (efi_handle_lookup(h, dev, unit, extra) == 0) { - if (copy != NULL) - free(copy); + free(copy); + copy = NULL; + + if (efi_handle_lookup(h, dev, unit, extra) == 0) return (0); - } - if (copy != NULL) - free(copy); devpath = efi_lookup_devpath(h); if (devpath != NULL) { copy = efi_devpath_trim(devpath); devpath = copy; } } + free(copy); /* Try to fallback on first device */ if (devsw[0] != NULL) {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201701152003.v0FK3Dxh035142>