From: Heinrich Schuchardt Date: Thu, 28 Feb 2019 22:07:00 +0000 (+0100) Subject: efi_loader: HII protocols: fix new_package_list() X-Git-Tag: v2025.01-rc5-pxa1908~3094^2~2 X-Git-Url: http://git.dujemihanovic.xyz/%22http:/www.sics.se/static/%7B%7B%20.Permalink%20%7D%7D?a=commitdiff_plain;h=fdef298338e4e775d41ab77b25edb695b2d8e1c0;p=u-boot.git efi_loader: HII protocols: fix new_package_list() In new_package_list() we call new_packagelist() to create a new package list. Next we try to add the packages which fails for form packages. Due to this error we call free_packagelist(). Now in free_packagelist() list_del() is called for an uninitialized field hii->link. This leads to changing random memory addresses. To solve the problem move the initialization of hii->link to new_packagelist(). Signed-off-by: Heinrich Schuchardt Reviewed-by: AKASHI Takahiro --- diff --git a/lib/efi_loader/efi_hii.c b/lib/efi_loader/efi_hii.c index d63d2d8418..0ed4b19633 100644 --- a/lib/efi_loader/efi_hii.c +++ b/lib/efi_loader/efi_hii.c @@ -343,6 +343,7 @@ static struct efi_hii_packagelist *new_packagelist(void) struct efi_hii_packagelist *hii; hii = malloc(sizeof(*hii)); + list_add_tail(&hii->link, &efi_package_lists); hii->max_string_id = 0; INIT_LIST_HEAD(&hii->string_tables); INIT_LIST_HEAD(&hii->guid_list); @@ -465,7 +466,6 @@ new_package_list(const struct efi_hii_database_protocol *this, } hii->driver_handle = driver_handle; - list_add_tail(&hii->link, &efi_package_lists); *handle = hii; return EFI_EXIT(EFI_SUCCESS);
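Review bot: In the first hunk (new_packagelist(), @@ -343), the added `list_add_tail(&hii->link, &efi_package_lists);` comes directly after `hii = malloc(sizeof(*hii));` with no NULL check in between. If the allocation fails, a node at a NULL base is linked into the global efi_package_lists and the following `hii->max_string_id = 0;` dereferences NULL as well. Please add `if (!hii) return NULL;` before the first use of hii, so that the caller's error handling is reached instead of corrupting the list.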
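Review bot: In the second hunk (new_package_list(), @@ -465), removing `list_add_tail(&hii->link, &efi_package_lists);` from the success path means the package list is now on efi_package_lists from the moment it is allocated, before the packages are added and before `hii->driver_handle = driver_handle;` runs. Anything that walks efi_package_lists in that window sees a partially built entry, and every error path now has to go through free_packagelist() to unlink it. An alternative that fixes the same uninitialized list_del() is to call `INIT_LIST_HEAD(&hii->link);` in new_packagelist() and keep the list_add_tail() here, so that only fully constructed package lists become visible. If the current approach is kept, a short comment in new_packagelist() stating that it also registers the list globally would help.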