globfree() is a no-op if glob_t::gl_pathv is NULL. A failed glob may not always initialize this member however, leading to potential memory corruption. Fix this by only freeing the glob_t if glob() had succeeded. Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de> --- common/startup.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/common/startup.c b/common/startup.c index d170cb8a7c5a..871696968a14 100644 --- a/common/startup.c +++ b/common/startup.c @@ -345,9 +345,9 @@ static int run_init(void) run_command(scr); free(scr); } - } - globfree(&g); + globfree(&g); + } /* source matching script in /env/bmode/ */ bmode = reboot_mode_get(); -- 2.30.2 _______________________________________________ barebox mailing list barebox@lists.infradead.org http://lists.infradead.org/mailman/listinfo/barebox
globfree() is a no-op if glob_t::gl_pathv is NULL. A failed glob may not always initialize this member however, leading to potential memory corruption. Fix this by initializing glob_t. Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de> --- common/menutree.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/menutree.c b/common/menutree.c index c28284b47a0c..9a14005ea209 100644 --- a/common/menutree.c +++ b/common/menutree.c @@ -84,7 +84,7 @@ int menutree(const char *path, int toplevel) struct stat s; char *box; struct menutree *mt; - glob_t g; + glob_t g = {}; int i; char *globpath, *display; size_t size; -- 2.30.2 _______________________________________________ barebox mailing list barebox@lists.infradead.org http://lists.infradead.org/mailman/listinfo/barebox
On Wed, Sep 22, 2021 at 09:14:39AM +0200, Ahmad Fatoum wrote: > globfree() is a no-op if glob_t::gl_pathv is NULL. A failed glob may not > always initialize this member however, leading to potential memory > corruption. > > Fix this by only freeing the glob_t if glob() had succeeded. > > Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de> > --- > common/startup.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) Applied, thanks Sascha -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ barebox mailing list barebox@lists.infradead.org http://lists.infradead.org/mailman/listinfo/barebox