tablet/grub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

kern/efi/mm: Detect calls to grub_efi_drop_alloc() with wrong page counts

Browse Source 
Silently keeping entries in the list if the address matches, but the
page count doesn't is a bad idea, and can lead to double frees.

grub_efi_free_pages() have already freed parts of this block by this
point, and thus keeping the whole block in the list and freeing it again
at exit can lead to double frees.

Signed-off-by: Mate Kukri <mate.kukri@canonical.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This commit is contained in:
Mate Kukri 2024-06-12 16:14:21 +01:00 committed by Daniel Kiper
parent 61f1d0a612
commit 55d35d6283
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
grub-core/kern/efi/mm.c
View File

@ -95,8 +95,10 @@ grub_efi_drop_alloc (grub_efi_physical_address_t address,
for (eap = NULL, ea = efi_allocated_memory; ea; eap = ea, ea = ea->next)
{
if (ea->address != address || ea->pages != pages)
continue;
if (ea->address != address)
continue;
if (ea->pages != pages)
grub_fatal ("grub_efi_drop_alloc() called with wrong page count");
/* Remove the current entry from the list. */
if (eap)