On 16.10.23 04:46, 'Felix Moessbauer' via EFI Boot Guard wrote:
> When probing partitions, the mountpoint string is allocated on the heap.
> This needs to be freed as well in case of errors during probing.
> 
> Signed-off-by: Felix Moessbauer <[email protected]>
> ---
>  env/env_config_partitions.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/env/env_config_partitions.c b/env/env_config_partitions.c
> index be52d7f..d50545e 100644
> --- a/env/env_config_partitions.c
> +++ b/env/env_config_partitions.c
> @@ -65,6 +65,7 @@ bool probe_config_partitions(CONFIG_PART *cfgpart)
>                                       cfgpart[count] = tmp;
>                               } else {
>                                       free(tmp.devpath);
> +                                     free(tmp.mountpoint);
>                                       VERBOSE(stderr,
>                                               "Error, there are "
>                                               "more than %d config "
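
Review bot: the added free(tmp.mountpoint) in the "more than %d config" overflow branch is only safe if no other function has already released that string, and nothing visible in this hunk establishes that. The reply below states that the mountpoint is both allocated and released in probe_config_file (unmount_partition); if that holds, this line frees the same pointer a second time and should be dropped. If a release is needed at this point, make one place the owner and set tmp.mountpoint to NULL after freeing, so that a repeated free() becomes a no-op.
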
> @@ -75,6 +76,7 @@ bool probe_config_partitions(CONFIG_PART *cfgpart)
>                               count++;
>                       } else {
>                               free(tmp.devpath);
> +                             free(tmp.mountpoint);
>                       }
>                       part = ped_disk_next_partition(pd, part);
>               }
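
Review bot: the free(tmp.mountpoint) added to the else branch before ped_disk_next_partition() comes with no statement of who owns mountpoint on this path; the commit message only says the string is heap-allocated during probing. Name the function that allocates it in the commit message, show that nothing called earlier on this path has already freed it, and put a short ownership comment next to the free(tmp.devpath) / free(tmp.mountpoint) pair.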

This is wrong, giving us a double-free. That memory is both allocated
and also released again in probe_config_file (unmount_partition).

Jan

-- 
Siemens AG, Technology
Linux Expert Center
