[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SECURITY PATCH 054/117] loader/xnu: Fix memory leak
From: |
Daniel Kiper |
Subject: |
[SECURITY PATCH 054/117] loader/xnu: Fix memory leak |
Date: |
Tue, 2 Mar 2021 19:01:01 +0100 |
From: Darren Kenny <darren.kenny@oracle.com>
The code here is finished with the memory stored in name, but it only
frees it if there curvalue is valid, while it could actually free it
regardless.
The fix is a simple relocation of the grub_free() to before the test
of curvalue.
Fixes: CID 96646
Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
---
grub-core/loader/xnu.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/grub-core/loader/xnu.c b/grub-core/loader/xnu.c
index 44fd5a979..eb1446251 100644
--- a/grub-core/loader/xnu.c
+++ b/grub-core/loader/xnu.c
@@ -1391,9 +1391,9 @@ grub_xnu_fill_devicetree (void)
name[len] = 0;
curvalue = grub_xnu_create_value (curkey, name);
- if (!curvalue)
- return grub_errno;
grub_free (name);
+ if (!curvalue)
+ return grub_errno;
data = grub_malloc (grub_strlen (var->value) + 1);
if (!data)
--
2.11.0
- [SECURITY PATCH 045/117] commands/hashsum: Fix a memory leak, (continued)
- [SECURITY PATCH 045/117] commands/hashsum: Fix a memory leak, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 042/117] libgcrypt/mpi: Fix possible NULL dereference, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 046/117] commands/probe: Fix a resource leak when probing disks, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 047/117] video/efi_gop: Remove unnecessary return value of grub_video_gop_fill_mode_info(), Daniel Kiper, 2021/03/02
- [SECURITY PATCH 050/117] video/fb/video_fb: Fix possible integer overflow, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 048/117] video/fb/fbfill: Fix potential integer overflow, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 051/117] video/readers/jpeg: Test for an invalid next marker reference from a jpeg file, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 049/117] video/fb/video_fb: Fix multiple integer overflows, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 053/117] loader/bsd: Check for NULL arg up-front, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 052/117] gfxmenu/gui_list: Remove code that coverity is flagging as dead, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 054/117] loader/xnu: Fix memory leak,
Daniel Kiper <=
- [SECURITY PATCH 055/117] loader/xnu: Free driverkey data when an error is detected in grub_xnu_writetree_toheap(), Daniel Kiper, 2021/03/02
- [SECURITY PATCH 056/117] loader/xnu: Check if pointer is NULL before using it, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 057/117] util/grub-install: Fix NULL pointer dereferences, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 058/117] util/grub-editenv: Fix incorrect casting of a signed value, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 059/117] util/glue-efi: Fix incorrect use of a possibly negative value, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 062/117] script/execute: Avoid crash when using "$#" outside a function scope, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 060/117] script/execute: Fix NULL dereference in grub_script_execute_cmdline(), Daniel Kiper, 2021/03/02
- [SECURITY PATCH 067/117] video/readers/jpeg: Catch files with unsupported quantization or Huffman tables, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 061/117] commands/ls: Require device_name is not NULL before printing, Daniel Kiper, 2021/03/02
- [SECURITY PATCH 066/117] kern/misc: Always set *end in grub_strtoull(), Daniel Kiper, 2021/03/02