summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEugeniu Rosca <erosca@de.adit-jv.com>2019-04-30 04:53:45 +0200
committerHeinrich Schuchardt <xypron.glpk@gmx.de>2019-05-02 18:17:50 +0200
commit716f919d2da723fae9416ea4ec461c1e29e71de0 (patch)
treec4dba040a3ee36874391b055c7edf24ab2d3aa8d
parent1cfe9694752eb638bcf766429bc64cad2dbde041 (diff)
downloadu-boot-716f919d2da723fae9416ea4ec461c1e29e71de0.tar.gz
disk: efi: Fix memory leak on 'gpt verify'
Below is what happens on R-Car H3ULCB-KF using clean U-Boot v2019.04-00810-g6aebc0d11a10 and r8a7795_ulcb_defconfig: => ### interrupt autoboot => gpt verify mmc 1 No partition list provided - only basic check Verify GPT: success! => ### keep calling 'gpt verify mmc 1' => ### on 58th call, we are out of memory: => gpt verify mmc 1 alloc_read_gpt_entries: ERROR: Can't allocate 0X4000 bytes for GPT Entries GPT: Failed to allocate memory for PTE gpt_verify_headers: *** ERROR: Invalid Backup GPT *** Verify GPT: error! This is caused by calling is_gpt_valid() twice (hence allocating pte also twice via alloc_read_gpt_entries()) while freeing pte only _once_ in the caller of gpt_verify_headers(). Fix that by freeing the pte allocated and populated for primary GPT _before_ allocating and populating the pte for backup GPT. The latter will be freed by the caller of gpt_verify_headers(). With the fix applied, the reproduction scenario [1-2] has been run hundreds of times in a loop w/o running into OOM. [1] gpt verify mmc 1 [2] gpt verify mmc 1 $partitions Fixes: cef68bf9042dda ("gpt: part: Definition and declaration of GPT verification functions") Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com> Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
-rw-r--r--disk/part_efi.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/disk/part_efi.c b/disk/part_efi.c
index 812d14cdd8..c0fa753339 100644
--- a/disk/part_efi.c
+++ b/disk/part_efi.c
@@ -698,6 +698,10 @@ int gpt_verify_headers(struct blk_desc *dev_desc, gpt_header *gpt_head,
__func__);
return -1;
}
+
+ /* Free pte before allocating again */
+ free(*gpt_pte);
+
if (is_gpt_valid(dev_desc, (dev_desc->lba - 1),
gpt_head, gpt_pte) != 1) {
printf("%s: *** ERROR: Invalid Backup GPT ***\n",