On 26.10.2015 22:43, Eric Snowberg wrote:
> Within commit: 87ec3b7fa9061f470616ed927fc140e995831c00 -
> "Don't continue to query block-size if disk doesn't have it.”
> a dangling pointer was introduced.
> 
> Fix dangling pointer issue in grub_ofdisk_open where devpath is freed
> and then used again within the call to grub_ofdisk_get_block_size. This
> solves many memory corruption issues we were seeing.
> 
Committed, thanks
> Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
> ---
>  grub-core/disk/ieee1275/ofdisk.c |    7 ++++---
>  1 files changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/grub-core/disk/ieee1275/ofdisk.c b/grub-core/disk/ieee1275/ofdisk.c
> index 331769b..4a5632c 100644
> --- a/grub-core/disk/ieee1275/ofdisk.c
> +++ b/grub-core/disk/ieee1275/ofdisk.c
> @@ -422,10 +422,11 @@ grub_ofdisk_open (const char *name, grub_disk_t disk)
>      op = ofdisk_hash_find (devpath);
>      if (!op)
>        op = ofdisk_hash_add (devpath, NULL);
> -    else
> -      grub_free (devpath);
>      if (!op)
> -      return grub_errno;
> +      {
> +        grub_free (devpath);
> +        return grub_errno;
> +      }
>      disk->id = (unsigned long) op;
>      disk->data = op->open_path;
>  
>