From e8905312f066fc899089edebe803873819f2b920 Mon Sep 17 00:00:00 2001 From: Andrew Engelbrecht Date: Mon, 1 Dec 2014 12:22:48 -0500 Subject: nvramtool: cmos_read(): Use malloc() instead of alloca() Fixes crash occurring when 'nvramtool -a' tried to free a prematurely freed pointer. (Tested on x60) malloc() is correct because the pointer is accessed outside the calling function. The pointer is freed in the parent function list_cmos_entry(). Change-Id: I1723f09740657f0f0d9e6954bd6d11c0a3820a42 Signed-off-by: Andrew Engelbrecht Reviewed-on: http://review.coreboot.org/7620 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi Reviewed-by: Paul Menzel --- util/nvramtool/cmos_lowlevel.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'util/nvramtool/cmos_lowlevel.c') diff --git a/util/nvramtool/cmos_lowlevel.c b/util/nvramtool/cmos_lowlevel.c index 618e8d2b27..c46e48062d 100644 --- a/util/nvramtool/cmos_lowlevel.c +++ b/util/nvramtool/cmos_lowlevel.c @@ -112,6 +112,9 @@ static inline void put_bits(unsigned char value, unsigned bit, * Read value from nonvolatile RAM at position given by 'bit' and 'length' * and return this value. The I/O privilege level of the currently executing * process must be set appropriately. + * + * Returned value is either (unsigned long long), or malloc()'d (char *) + * cast to (unsigned long long) ****************************************************************************/ unsigned long long cmos_read(const cmos_entry_t * e) { @@ -126,7 +129,7 @@ unsigned long long cmos_read(const cmos_entry_t * e) if (e->config == CMOS_ENTRY_STRING) { int strsz = (length + 7) / 8; - char *newstring = alloca(strsz); + char *newstring = malloc(strsz); unsigned usize = (8 * sizeof(unsigned long long)); if (!newstring) { -- cgit v1.2.3