Author: stefanct Date: Sat Apr 26 18:11:21 2014 New Revision: 1771 URL: http://flashrom.org/trac/flashrom/changeset/1771
Log: CID1130011: Use after free in ich_descriptor_tool. Signed-off-by: Stefan Reinauer <[email protected]> Acked-by: Stefan Tauner <[email protected]> Modified: trunk/util/ich_descriptors_tool/ich_descriptors_tool.c Modified: trunk/util/ich_descriptors_tool/ich_descriptors_tool.c ============================================================================== --- trunk/util/ich_descriptors_tool/ich_descriptors_tool.c Sat Apr 26 18:11:07 2014 (r1770) +++ trunk/util/ich_descriptors_tool/ich_descriptors_tool.c Sat Apr 26 18:11:21 2014 (r1771) @@ -77,12 +77,13 @@ printf("Dumping %u bytes of the %s region from 0x%08x-0x%08x to %s... ", file_len, region_names[i], base, limit, fn); int fh = open(fn, O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR); - free(fn); if (fh < 0) { fprintf(stderr, "ERROR: couldn't open(%s): %s\n", fn, strerror(errno)); + free(fn); exit(1); } + free(fn); ret = write(fh, &dump[base >> 2], file_len); if (ret != file_len) { _______________________________________________ flashrom mailing list [email protected] http://www.flashrom.org/mailman/listinfo/flashrom
