From: Eric Snowberg
To: grub-devel@gnu.org
Subject: [PATCH 1/3] ieee1275: ofdisk dangling pointer
Date: Mon, 26 Oct 2015 17:43:36 -0400
Message-Id: <1671671c705298f7d6e8c7e79805564b3b662548.1445895272.git.eric.snowberg@oracle.com>
X-Mailer: git-send-email 1.7.1
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
To: eric.snowberg@oracle.com
X-Source-IP: userv0021.oracle.com [156.151.31.71]
Content-Transfer-Encoding: quoted-printable
X-MIME-Autoconverted: from 8bit to quoted-printable by userp1040.oracle.com id t9QLhi4U013318
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.4.x-2.6.x [generic]
X-Received-From: 156.151.31.81
Cc: Eric Snowberg
X-BeenThere: grub-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
Reply-To: The development of GNU GRUB
List-Id: The development of GNU GRUB
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 26 Oct 2015 21:43:52 -0000

Within commit: 87ec3b7fa9061f470616ed927fc140e995831c00 - "Don't continue to query block-size if disk doesn't have it." a dangling pointer was introduced. Fix dangling pointer issue in grub_ofdisk_open where devpath is freed and then used again within the call to grub_ofdisk_get_block_size. This solves many memory corruption issues we were seeing.

Signed-off-by: Eric Snowberg

--- grub-core/disk/ieee1275/ofdisk.c | 7 ++++--- 1 files changed, 4 insertions(+), 3 deletions(-) diff --git a/grub-core/disk/ieee1275/ofdisk.c b/grub-core/disk/ieee1275/o= fdisk.c index 331769b..4a5632c 100644 --- a/grub-core/disk/ieee1275/ofdisk.c +++ b/grub-core/disk/ieee1275/ofdisk.c @@ -422,10 +422,11 @@ grub_ofdisk_open (const char *name, grub_disk_t dis= k) op =3D ofdisk_hash_find (devpath); if (!op) op =3D ofdisk_hash_add (devpath, NULL); - else - grub_free (devpath); if (!op) - return grub_errno; + { + grub_free (devpath); + return grub_errno; + } disk->id =3D (unsigned long) op; disk->data =3D op->open_path; =20 --=20 1.7.1
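
Review bot: with `else grub_free (devpath);` removed, nothing in this hunk releases devpath when ofdisk_hash_find returns an existing entry, so that path trades the use-after-free for a leak on every open of an already-hashed disk unless devpath is freed after its last use. Since the commit message says the later use is the call to grub_ofdisk_get_block_size, either free devpath after that call in the found case, or have that call take the path from op so the early free can stay. In the new `if (!op)` block, `grub_free (devpath);` is only safe if ofdisk_hash_add leaves ownership with the caller when it fails; please confirm that and add a short comment saying who owns devpath on each path, because the ownership rule is what the original regression got wrong.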