* [U-Boot] kwbimage use after free
@ 2016-10-22  4:47 Jonathan Gray
From: Jonathan Gray @ 2016-10-22  4:47 UTC
  To: u-boot

I didn't see a dedicated list to send bug reports so sending it here:

There is a use after free in kwbimage, found by building u-boot with the
use after free detection enabled with OpenBSD's malloc.  When building
the clearfog target:

  MKIMAGE u-boot-spl.kwb
Segmentation fault (core dumped)

kwbimage_generate -> image_version_file (alloc and free image_cfg global)
kwbimage_generate -> image_headersz_v1 -> image_count_options (image_cfg used)

It isn't clear to me if image_version_file should be inlined or another
approach taken, but as it stands it is clearly wrong.

The result of image_version_file is also never checked for -1 which multiple
paths in the function return.
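
A minimal model of the lifetime bug described in this report and one way to restructure it, added here as an illustration; it is not U-Boot code. Only the `image_cfg` global name comes from the report; `load_cfg`, `free_cfg`, `cfg_version`, `count_options`, `generate_checked`, `struct cfg_entry` and the sample data are hypothetical.

```c
#include <stdlib.h>

/* Constructed model and sample input for the reported flow; not U-Boot source. */
enum { CFG_VERSION = 1, CFG_OPTION = 2 };
struct cfg_entry { int type, value; };
static struct cfg_entry *image_cfg; /* global shared by the helpers */
static int cfgn;
static const struct cfg_entry sample_cfg[] = {
    { CFG_VERSION, 1 }, { CFG_OPTION, 0 }, { CFG_OPTION, 0 } };

static int load_cfg(const struct cfg_entry *src, int n) {
    if (!src || n <= 0 || !(image_cfg = malloc(n * sizeof(*image_cfg))))
        return -1;
    for (int i = 0; i < n; i++)
        image_cfg[i] = src[i];
    cfgn = n;
    return 0;
}
/* Clear the global on free so a stale use cannot touch freed memory. */
static void free_cfg(void) {
    free(image_cfg);
    image_cfg = NULL;
    cfgn = 0;
}
/* Returns the version, or -1 when no version entry exists. */
static int cfg_version(void) {
    for (int i = 0; i < cfgn; i++)
        if (image_cfg[i].type == CFG_VERSION)
            return image_cfg[i].value;
    return -1;
}
static int count_options(void) {
    int count = 0;
    for (int i = 0; i < cfgn; i++)
        count += image_cfg[i].type == CFG_OPTION;
    return count;
}
/* Reported order: the version helper frees image_cfg, then options are
 * counted through the dangling global. Here the caller owns the buffer,
 * checks for -1, and frees only after the last use. */
int generate_checked(const struct cfg_entry *src, int n) {
    int opts = -1;
    if (load_cfg(src, n) < 0)
        return -1;
    if (cfg_version() >= 0)
        opts = count_options();
    free_cfg();
    return opts;
}
int main(void) { return generate_checked(sample_cfg, 3) == 2 ? 0 : 1; }
```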
