The ISO C standard says about free(),
If ptr is a null pointer, no action occurs.
This is not true of the FreePool() interface of the MemoryAllocationLib
class:
Buffer must have been allocated on a previous call to the pool
allocation services of the Memory Allocation Library. [...] If Buffer
was not allocated with a pool allocation function in the Memory
Allocation Library, then ASSERT().
Therefore we must not forward the argument of free() to FreePool() without
checking.
This bug can be triggered by upstream OpenSSL commit 8e704858f219
("RT3955: Reduce some stack usage"), for example.
Cc: David Woodhouse <[email protected]>
Cc: Qin Long <[email protected]>
Cc: Ting Ye <[email protected]>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Laszlo Ersek <[email protected]>
---
CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c
b/CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c
index 544f07215b8f..964545f143cc 100644
--- a/CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c
+++ b/CryptoPkg/Library/BaseCryptLib/SysCall/BaseMemAllocation.c
@@ -38,5 +38,11 @@ void *realloc (void *ptr, size_t size)
/* De-allocates or frees a memory block */
void free (void *ptr)
{
- FreePool (ptr);
+ //
+ // In Standard C, free() handles a null pointer argument transparently. This
+ // is not true of FreePool() below, so protect it.
+ //
+ if (ptr != NULL) {
+ FreePool (ptr);
+ }
}
--
1.8.3.1
_______________________________________________
edk2-devel mailing list
[email protected]
https://lists.01.org/mailman/listinfo/edk2-devel
