setenv("global.bootm.root_param", getenv("global.bootm.root_param"))
triggers a use-after-free, because the value is free'd before being
duplicated and allocated again.

Let's just early exit in this case as there's nothing further to do.

This was noticed by KASAN when bootm_data_restore_defaults restored
global.bootm.root_param.

Signed-off-by: Ahmad Fatoum <[email protected]>
Link: https://lore.barebox.org/[email protected]
Signed-off-by: Sascha Hauer <[email protected]>
(cherry picked from commit c8cfce813f2f7e5df84bf2ba4364212c04102451)
Signed-off-by: Ahmad Fatoum <[email protected]>
--- lib/parameter.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/parameter.c b/lib/parameter.c index 274e6fcb8376..770c90ec48b4 100644 --- a/lib/parameter.c +++ b/lib/parameter.c @@ -131,6 +131,8 @@ int bobject_set_param(bobject_t _bobj, const char *name, const char *val) int bobject_param_set_generic(bobject_t _bobj, struct param_d *p, const char *val) { + if (val == p->value) + return 0; free(p->value); if (!val) { p->value = NULL; -- 2.47.3
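
Review bot: The `val == p->value` test added at the top of bobject_param_set_generic() only covers exact aliasing; a caller that passes a pointer into the middle of the currently stored string still reaches `free(p->value)` before val is duplicated and would hit the same use-after-free. Consider duplicating val into a temporary first and freeing the old p->value only afterwards, which covers both cases without a special case. If the early return stays, a one-line comment above it noting that val may alias the stored value (the setenv(..., getenv(...)) pattern from the commit message) would keep it from being dropped later as a redundant check.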
