From: Lars Poeschel <larsi@wh2.tu-dresden.de>
Date: Wed, 12 Oct 2011 09:31:19 +0000 (+0200)
Subject: ubifs bad superblock bug
X-Git-Tag: v2025.01-rc5-pxa1908~18825^2~1
X-Git-Url: http://git.dujemihanovic.xyz/img/static/%7B%7B%20%28.OutputFormats.Get?a=commitdiff_plain;h=349a8d5e56db4c0b199123d31ff5c0be67a39a42;p=u-boot.git

ubifs bad superblock bug

This patch fixes an issue when ubifs reads a bad superblock. Later it
tries to free memory, that was not allocated, which freezes u-boot.
This is fixed by looking for a non null pointer before free.

The message I got before u-boot freezes:
UBI: max/mean erase counter: 53/32
UBIFS: mounted UBI device 0, volume 1, name "rootfs"
UBIFS: mounted read-only
UBIFS: file system size:   49140 bytes (50319360 KiB, 0 MiB, 49140 LEBs)
UBIFS: journal size:       49 bytes (6838272 KiB, 0 MiB, 6678 LEBs)
UBIFS: media format:       w4/r0 (latest is w4/r0)
UBIFS: default compressor: LZO
UBIFS: reserved for root:  0 bytes (0 KiB)
UBIFS error (pid 0): ubifs_read_node: bad node type (255 but expected 9)
UBIFS error (pid 0): ubifs_read_node: bad node at LEB 330:13104
UBIFS error (pid 0): ubifs_iget: failed to read inode 1, error -22
Error reading superblock on volume 'ubi:rootfs'!

Signed-off-by: Lars Poeschel <larsi@wh2.tu-dresden.de>
Cc: Kyungmin Park <kmpark@infradead.org>
Signed-off-by: Stefan Roese <sr@denx.de>
---

diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c
index 63b2164d30..26b48f029e 100644
--- a/fs/ubifs/super.c
+++ b/fs/ubifs/super.c
@@ -848,8 +848,10 @@ void ubifs_umount(struct ubifs_info *c)
 	ubifs_debugging_exit(c);
 
 	/* Finally free U-Boot's global copy of superblock */
-	free(ubifs_sb->s_fs_info);
-	free(ubifs_sb);
+	if (ubifs_sb != NULL) {
+		free(ubifs_sb->s_fs_info);
+		free(ubifs_sb);
+	}
 }
 
 /**