On Mon, 2023-10-16 at 08:03 +0200, Jan Kiszka wrote:
> On 16.10.23 04:46, 'Felix Moessbauer' via EFI Boot Guard wrote:
> > When probing partitions, the mountpoint string is allocated on the
> > heap.
> > This needs to be freed as well in case of errors during probing.
> > 
> > Signed-off-by: Felix Moessbauer <[email protected]>
> > ---
> >  env/env_config_partitions.c | 2 ++
> >  1 file changed, 2 insertions(+)
> > 
> > diff --git a/env/env_config_partitions.c
> > b/env/env_config_partitions.c
> > index be52d7f..d50545e 100644
> > --- a/env/env_config_partitions.c
> > +++ b/env/env_config_partitions.c
> > @@ -65,6 +65,7 @@ bool probe_config_partitions(CONFIG_PART
> > *cfgpart)
> >                                         cfgpart[count] = tmp;
> >                                 } else {
> >                                         free(tmp.devpath);
> > +                                       free(tmp.mountpoint);
> >                                         VERBOSE(stderr,
> >                                                 "Error, there are "
> >                                                 "more than %d
> > config "
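
Review bot: in the else branch that reports more than %d config partitions, the added free(tmp.mountpoint) leaves the pointer dangling beside the already freed tmp.devpath, and nothing in the hunk shows that this function owns the mountpoint string at that point. Set both fields to NULL after freeing, or route the cleanup through a single release helper for tmp, so a later release of the same struct cannot free the string a second time. The commit message should also name the function that allocates mountpoint, since the fix depends on it.
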
> > @@ -75,6 +76,7 @@ bool probe_config_partitions(CONFIG_PART
> > *cfgpart)
> >                                 count++;
> >                         } else {
> >                                 free(tmp.devpath);
> > +                               free(tmp.mountpoint);
> >                         }
> >                         part = ped_disk_next_partition(pd, part);
> >                 }
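
Review bot: the free(tmp.mountpoint) added to the second else branch is unconditional and is missing a guarantee that the string has not already been released before this branch runs. If the step that sets up the mountpoint also tears it down on failure, this line frees the same pointer twice. Have the releasing side set tmp.mountpoint = NULL, or drop this line and keep the release in one place.
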
> 
> This is wrong, giving us a double-free. That memory is both allocated
> and also released again in probe_config_file (unmount_partition).

I'm almost certainly sure that the first free is correct. The second
indeed might lead to a double free. This could better be solved by just
nulling the pointer, or even better providing a destructor for the
struct that internally handles this correctly.

We definitely have a memory leak here, as reported by the asan.

Felix

> 
> Jan
> 
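
The cleanup suggested in the reply above (clear the pointer after freeing, wrapped in a destructor for the struct), as an added C example that is not EFI Boot Guard code. `PART_STRINGS`, `dup_str`, `release_str`, `part_strings_release` and the sample paths are hypothetical names and constructed values.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in: only the two heap-owned strings from the thread. */
typedef struct {
	char *devpath;
	char *mountpoint;
} PART_STRINGS;

static char *dup_str(const char *s)
{
	char *d = malloc(strlen(s) + 1);
	return d ? strcpy(d, s) : NULL;
}

/* Free one owned string and clear it, so a second release is free(NULL). */
static void release_str(char **p)
{
	free(*p);
	*p = NULL;
}

/* Destructor (assumed name): the single place that frees the strings. */
void part_strings_release(PART_STRINGS *p)
{
	if (!p)
		return;
	release_str(&p->devpath);
	release_str(&p->mountpoint);
}

/* Constructed scenario: an earlier cleanup step already dropped the mountpoint,
 * then the error path releases the struct. Returns 1 if both fields are NULL. */
int demo_error_path(void)
{
	PART_STRINGS tmp = { dup_str("/dev/sdX1"), dup_str("/tmp/mnt-demo") };

	release_str(&tmp.mountpoint); /* first release, pointer cleared */
	part_strings_release(&tmp);   /* error path: frees devpath only */
	part_strings_release(&tmp);   /* repeated call is harmless */
	return tmp.devpath == NULL && tmp.mountpoint == NULL;
}

int main(void)
{
	printf("fields cleared: %d\n", demo_error_path());
	return 0;
}
```

Building with `-fsanitize=address` confirms that neither a leak nor a double free is reported for this sequence.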
