diff options
author | Andrew Engelbrecht <sudoman@ninthfloor.org> | 2014-12-01 12:22:48 -0500 |
---|---|---|
committer | Patrick Georgi <pgeorgi@google.com> | 2014-12-02 10:15:00 +0100 |
commit | e8905312f066fc899089edebe803873819f2b920 (patch) | |
tree | 80165da2c7e35b1b0a024cc5f29d3c8b9b1f98f5 | |
parent | e0e784a456c4d64e5e88ce578371fe6c538db559 (diff) | |
download | coreboot-e8905312f066fc899089edebe803873819f2b920.tar.xz |
nvramtool: cmos_read(): Use malloc() instead of alloca()
Fixes crash occurring when 'nvramtool -a' tried to free a prematurely
freed pointer. (Tested on x60)
malloc() is correct because the pointer is accessed outside the calling
function. The pointer is freed in the parent function list_cmos_entry().
Change-Id: I1723f09740657f0f0d9e6954bd6d11c0a3820a42
Signed-off-by: Andrew Engelbrecht <sudoman@ninthfloor.org>
Reviewed-on: http://review.coreboot.org/7620
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
-rw-r--r-- | util/nvramtool/cmos_lowlevel.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/util/nvramtool/cmos_lowlevel.c b/util/nvramtool/cmos_lowlevel.c index 618e8d2b27..c46e48062d 100644 --- a/util/nvramtool/cmos_lowlevel.c +++ b/util/nvramtool/cmos_lowlevel.c @@ -112,6 +112,9 @@ static inline void put_bits(unsigned char value, unsigned bit, * Read value from nonvolatile RAM at position given by 'bit' and 'length' * and return this value. The I/O privilege level of the currently executing * process must be set appropriately. + * + * Returned value is either (unsigned long long), or malloc()'d (char *) + * cast to (unsigned long long) ****************************************************************************/ unsigned long long cmos_read(const cmos_entry_t * e) { @@ -126,7 +129,7 @@ unsigned long long cmos_read(const cmos_entry_t * e) if (e->config == CMOS_ENTRY_STRING) { int strsz = (length + 7) / 8; - char *newstring = alloca(strsz); + char *newstring = malloc(strsz); unsigned usize = (8 * sizeof(unsigned long long)); if (!newstring) { |