On Wed, Feb 3, 2021 at 11:05 PM Gedare Bloom <ged...@rtems.org> wrote:
> Is this second patch ok to check? > Yes, please go through this patch. Again adding a link to the patch to avoid confusion https://lists.rtems.org/pipermail/devel/2021-February/064203.html Thanks, Niteesh. > On Wed, Feb 3, 2021 at 2:48 AM G S Niteesh Babu <niteesh...@gmail.com> > wrote: > >> Fixed use after free and null pointer dereference defects >> >> FIXES: >> 1) CID 1472601 (NULL_RETURNS) >> 2) CID 1472600 (USE_AFTER_FREE) >> 3) CID 1472599 (USE_AFTER_FREE) >> 4) CID 1472598 (USE_AFTER_FREE) >> 5) CID 1472596 (USE_AFTER_FREE) >> 6) CID 1472597 (ARRAY_VS_SINGLETON) >> 7) CID 1472595 (ARRAY_VS_SINGLETON) >> --- >> bsps/shared/ofw/ofw.c | 36 ++++++++++++++++++------------------ >> 1 file changed, 18 insertions(+), 18 deletions(-) >> >> diff --git a/bsps/shared/ofw/ofw.c b/bsps/shared/ofw/ofw.c >> index 82924b2600..ccd57e36af 100644 >> --- a/bsps/shared/ofw/ofw.c >> +++ b/bsps/shared/ofw/ofw.c >> @@ -313,7 +313,7 @@ ssize_t rtems_ofw_get_prop_alloc( >> } >> >> if (rtems_ofw_get_prop(node, propname, *buf, len) == -1) { >> - rtems_ofw_free(buf); >> + rtems_ofw_free(*buf); >> *buf = NULL; >> return -1; >> } >> @@ -344,7 +344,7 @@ ssize_t rtems_ofw_get_prop_alloc_multi( >> } >> >> if (rtems_ofw_get_prop(node, propname, *buf, len) == -1) { >> - rtems_ofw_free(buf); >> + rtems_ofw_free(*buf); >> *buf = NULL; >> return -1; >> } >> @@ -373,7 +373,7 @@ ssize_t rtems_ofw_get_enc_prop_alloc( >> } >> >> if (rtems_ofw_get_enc_prop(node, propname, *buf, len) == -1) { >> - rtems_ofw_free(buf); >> + rtems_ofw_free(*buf); >> *buf = NULL; >> return -1; >> } >> @@ -404,7 +404,7 @@ ssize_t rtems_ofw_get_enc_prop_alloc_multi( >> } >> >> if (rtems_ofw_get_enc_prop(node, propname, *buf, len) == -1) { >> - rtems_ofw_free(buf); >> + rtems_ofw_free(*buf); >> *buf = NULL; >> return -1; >> } >> @@ -500,21 +500,21 @@ static phandle_t rtems_ofw_get_effective_phandle( >> ) >> { >> phandle_t child; >> - phandle_t ref; >> + phandle_t ref[1]; >> >> for (child = rtems_ofw_child(node); child != 0; child = >> rtems_ofw_peer(child)) { >> - ref = rtems_ofw_get_effective_phandle(child, xref); >> - if (ref != -1) >> - return ref; >> + ref[0] = rtems_ofw_get_effective_phandle(child, xref); >> + if (ref[0] != -1) >> + return ref[0]; >> >> - if (rtems_ofw_get_enc_prop(child, "phandle", &ref, sizeof(ref)) == >> -1 && >> - rtems_ofw_get_enc_prop(child, "ibm,phandle", &ref, sizeof(ref)) >> == -1 && >> - rtems_ofw_get_enc_prop(child, "linux,phandle", &ref, >> sizeof(ref)) == -1 >> + if (rtems_ofw_get_enc_prop(child, "phandle", ref, sizeof(ref)) == -1 >> && >> + rtems_ofw_get_enc_prop(child, "ibm,phandle", ref, sizeof(ref)) >> == -1 && >> + rtems_ofw_get_enc_prop(child, "linux,phandle", ref, sizeof(ref)) >> == -1 >> ) { >> continue; >> } >> >> - if (ref == xref) >> + if (ref[0] == xref) >> return child; >> } >> >> @@ -533,16 +533,16 @@ phandle_t rtems_ofw_node_from_xref( phandle_t xref ) >> >> phandle_t rtems_ofw_xref_from_node( phandle_t node ) >> { >> - phandle_t ref; >> + phandle_t ref[1]; >> >> - if (rtems_ofw_get_enc_prop(node, "phandle", &ref, sizeof(ref)) == -1 >> && >> - rtems_ofw_get_enc_prop(node, "ibm,phandle", &ref, sizeof(ref)) >> == -1 && >> - rtems_ofw_get_enc_prop(node, "linux,phandle", &ref, sizeof(ref)) >> == -1) >> + if (rtems_ofw_get_enc_prop(node, "phandle", ref, sizeof(ref)) == -1 >> && >> + rtems_ofw_get_enc_prop(node, "ibm,phandle", ref, sizeof(ref)) == >> -1 && >> + rtems_ofw_get_enc_prop(node, "linux,phandle", ref, sizeof(ref)) >> == -1) >> { >> return node; >> } >> >> - return ref; >> + return ref[0]; >> } >> >> phandle_t rtems_ofw_instance_to_package( ihandle_t instance ) >> @@ -614,7 +614,7 @@ int rtems_ofw_get_reg( >> offset = rtems_fdt_phandle_to_offset(parent); >> ptr = fdt_getprop(fdtp, offset, "ranges", &len); >> >> - if (len < 0) { >> + if (ptr == NULL) { >> break; >> } >> >> -- >> 2.17.1 >> >> _______________________________________________ >> devel mailing list >> devel@rtems.org >> http://lists.rtems.org/mailman/listinfo/devel >> >
_______________________________________________ devel mailing list devel@rtems.org http://lists.rtems.org/mailman/listinfo/devel
