From a0f9ece19c0998a3ecc859edb2f950cdeace47db Mon Sep 17 00:00:00 2001
From: Edward O'Callaghan <eocallaghan@alterapraxis.com>
Date: Sun, 9 Mar 2014 00:05:18 +1100
Subject: util/cbfstool: Make cbfs_image_delete() NULL-tolerant.

This fixes a double free crash that occurs when a call to
cbfs_image_from_file() fails in cbfs_extract() and falls though to
cbfs_image_delete() with a NULL-pointer.

To reproduce the crash pass the following arguments where the files
passed, in fact, do not exist. As follows:
./cbfstool build/coreboot.rom extract -n config -f /tmp/config.txt

Change-Id: I2213ff175d0703705a0ec10271b30bb26b6f8d0a
Signed-off-by: Edward O'Callaghan <eocallaghan@alterapraxis.com>
Reviewed-on: http://review.coreboot.org/5353
Tested-by: build bot (Jenkins)
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
---
 util/cbfstool/cbfs_image.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'util/cbfstool')

diff --git a/util/cbfstool/cbfs_image.c b/util/cbfstool/cbfs_image.c
index b9d5f28486..12bc2fe74e 100644
--- a/util/cbfstool/cbfs_image.c
+++ b/util/cbfstool/cbfs_image.c
@@ -300,6 +300,9 @@ int cbfs_image_write_file(struct cbfs_image *image, const char *filename)
 
 int cbfs_image_delete(struct cbfs_image *image)
 {
+	if (image == NULL)
+		return 0;
+
 	buffer_delete(&image->buffer);
 	image->header = NULL;
 	return 0;
-- 
cgit v1.2.3