On Thu, 19 Feb 2026 at 20:44, Vincent Stehlé <[email protected]> wrote: > > The test of the UEFI UninstallMultipleProtocolInterfaces() function clears > a buffer returned by LocateHandleBuffer() at some point, but there is an > error in the size computation, which leads to a buffer overflow. > The buffer is also never freed, which leads to a memory leak. > > As the buffer is in fact not reused during the test, fix both errors by > simply freeing the buffer. > > Fixes: 927ca890b09f ("efi_selftest: test protocol management") > Signed-off-by: Vincent Stehlé <[email protected]> > Cc: Heinrich Schuchardt <[email protected]> > Cc: Ilias Apalodimas <[email protected]> > Cc: Tom Rini <[email protected]> > ---
Reviewed-by: Ilias Apalodimas <[email protected]> > lib/efi_selftest/efi_selftest_manageprotocols.c | 7 ++++++- > 1 file changed, 6 insertions(+), 1 deletion(-) > > diff --git a/lib/efi_selftest/efi_selftest_manageprotocols.c > b/lib/efi_selftest/efi_selftest_manageprotocols.c > index ccffa59095d..0334a074866 100644 > --- a/lib/efi_selftest/efi_selftest_manageprotocols.c > +++ b/lib/efi_selftest/efi_selftest_manageprotocols.c > @@ -319,7 +319,12 @@ static int execute(void) > efi_st_error("Failed to locate new handle\n"); > return EFI_ST_FAILURE; > } > - boottime->set_mem(buffer, sizeof(efi_handle_t) * buffer_size, 0); > + /* Release buffer */ > + ret = boottime->free_pool(buffer); > + if (ret != EFI_SUCCESS) { > + efi_st_error("FreePool failed\n"); > + return EFI_ST_FAILURE; > + } > > /* > * Test ProtocolsPerHandle > -- > 2.51.0 >
