From: Daniel Axtens <d...@axtens.net>

If huft_build() fails, gzio->tl or gzio->td could contain pointers that are no longer valid. Zero them out.

This prevents a double free when grub_gzio_close() comes through and attempts to free them again.

Signed-off-by: Daniel Axtens <d...@axtens.net>
Reviewed-by: Daniel Kiper <daniel.ki...@oracle.com>
--- grub-core/io/gzio.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/grub-core/io/gzio.c b/grub-core/io/gzio.c index 19adebeed..aea86a0a9 100644 --- a/grub-core/io/gzio.c +++ b/grub-core/io/gzio.c @@ -1010,6 +1010,7 @@ init_dynamic_block (grub_gzio_t gzio) gzio->bl = lbits; if (huft_build (ll, nl, 257, cplens, cplext, &gzio->tl, &gzio->bl) != 0) { + gzio->tl = 0; grub_error (GRUB_ERR_BAD_COMPRESSED_DATA, "failed in building a Huffman code table"); return; @@ -1019,6 +1020,7 @@ init_dynamic_block (grub_gzio_t gzio) { huft_free (gzio->tl); gzio->tl = 0; + gzio->td = 0; grub_error (GRUB_ERR_BAD_COMPRESSED_DATA, "failed in building a Huffman code table"); return; -- 2.11.0
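
Review bot: In the first hunk (@@ -1010), the new `gzio->tl = 0;` has no huft_free() call in front of it, unlike the second failure branch, which calls `huft_free (gzio->tl);` before zeroing. That is only correct if huft_build() has already released whatever it stored through &gzio->tl before returning non-zero, which is what the commit message implies but the hunk does not show. A one-line comment above the assignment stating that huft_build() frees its partial table on failure would make it clear this is not a leak and stop a later cleanup from "fixing" it by adding a huft_free() there.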
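
Review bot: In the second hunk (@@ -1019), `gzio->td = 0;` resets the pointer at the call site, and both hunks are confined to init_dynamic_block(). If huft_build() is called from other functions with &gzio->tl or &gzio->td, those failure paths need the same reset, so it is worth confirming that in the commit message. Having huft_build() itself clear the table pointer it was handed before it returns non-zero would cover every caller in one place and keep grub_gzio_close() from ever seeing a stale value.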