From mboxrd@z Thu Jan 1 00:00:00 1970 From: AKASHI Takahiro Date: Fri, 1 Mar 2019 09:54:44 +0900 Subject: [U-Boot] [PATCH 1/1] efi_loader: HII protocols: fix new_package_list() In-Reply-To: <20190228222034.18644-1-xypron.glpk@gmx.de> References: <20190228222034.18644-1-xypron.glpk@gmx.de> Message-ID: <20190301005443.GW20286@linaro.org> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de On Thu, Feb 28, 2019 at 11:20:34PM +0100, Heinrich Schuchardt wrote: > In new_package_list() we call new_packagelist() to create a new package > list. Next we try to add the packages which fails for form packages. Due > to this error we call free_packagelist(). Now in free_packagelist() > list_del() is called for an uninitialized field hii->link. This leads to > changing random memory addresses. > > To solve the problem move the initialization of hii->link to > new_packagelist(). > > Signed-off-by: Heinrich Schuchardt > --- > @Takahiro: > Please, review the patch. Good catch, thank you. Reviewed-by: AKASHI Takahiro > --- > lib/efi_loader/efi_hii.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/lib/efi_loader/efi_hii.c b/lib/efi_loader/efi_hii.c > index d63d2d84184..0ed4b196333 100644 > --- a/lib/efi_loader/efi_hii.c > +++ b/lib/efi_loader/efi_hii.c > @@ -343,6 +343,7 @@ static struct efi_hii_packagelist *new_packagelist(void) > struct efi_hii_packagelist *hii; > > hii = malloc(sizeof(*hii)); > + list_add_tail(&hii->link, &efi_package_lists); > hii->max_string_id = 0; > INIT_LIST_HEAD(&hii->string_tables); > INIT_LIST_HEAD(&hii->guid_list); > @@ -465,7 +466,6 @@ new_package_list(const struct efi_hii_database_protocol *this, > } > > hii->driver_handle = driver_handle; > - list_add_tail(&hii->link, &efi_package_lists); > *handle = hii; > > return EFI_EXIT(EFI_SUCCESS); > -- > 2.20.1 >
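Review bot: In the first hunk (new_packagelist()), the added list_add_tail(&hii->link, &efi_package_lists) runs directly after hii = malloc(sizeof(*hii)) with no NULL check visible between them, so a failed allocation would link a pointer derived from NULL into the global list. Suggest adding "if (!hii) return NULL;" before the list_add_tail() call. It would also be cleaner to place the list_add_tail() below the INIT_LIST_HEAD() calls, so the entry becomes reachable from efi_package_lists only after max_string_id, string_tables and guid_list are set.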
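Review bot: In the second hunk (new_package_list()), removing list_add_tail() from the success path means a package list now sits on efi_package_lists from allocation onward, including while its packages are still being added and on the failure path the commit message describes. That is safe only if every failure path disposes of the entry through free_packagelist(), so a short comment on new_packagelist() saying that it links the entry into efi_package_lists would document the dependency. An alternative that keeps half-built lists off the global list is to call INIT_LIST_HEAD(&hii->link) in new_packagelist() and leave list_add_tail() where it was, since list_del() on an initialised but unlinked node only touches the node itself.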