author | Andreas Färber <afaerber@suse.de> | 2018-01-27 16:46:59 +0100 |
---|---|---|
committer | Andreas Färber <afaerber@suse.de> | 2018-01-27 16:46:59 +0100 |
commit | 8e4cdd221034aa260def15874e8f99262eb77930 (patch) | |
tree | cceb0086def21600b7da088bf7e1d22d38b5a657 /tools | |
parent | f478253da84ee14f36d0524d54719e7b0f88f4f1 (diff) |
fiptool: Fix use after free
Commit 880b9e8b4c99ad99eee14079d5a6162733ef4931 (Add padding at the end
of the last entry) added code using toc_entry pointer, whose memory is
already freed via variable buf. This causes enormous padding on openSUSE.
Free the memory buffer only after padding is done.
Signed-off-by: Andreas Färber <afaerber@suse.de>
Diffstat (limited to 'tools')
-rw-r--r-- | tools/fiptool/fiptool.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/tools/fiptool/fiptool.c b/tools/fiptool/fiptool.c
index 33c451e4..e70ff364 100644
--- a/tools/fiptool/fiptool.c
+++ b/tools/fiptool/fiptool.c
@@ -543,7 +543,6 @@ static int pack_images(const char *filename, uint64_t toc_flags, unsigned long a
 log_dbgx("Metadata size: %zu bytes", buf_size);
 xfwrite(buf, buf_size, fp, filename);
- free(buf);
 if (verbose)
 log_dbgx("Payload size: %zu bytes", payload_size);
@@ -566,6 +565,7 @@ static int pack_images(const char *filename, uint64_t toc_flags, unsigned long a
 while (pad_size--)
 fputc(0x0, fp);
+ free(buf);
 fclose(fp);
 return 0;
 } |
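Review bot: The `free(buf);` added before `fclose(fp)` in the second hunk has no comment explaining why it sits so late, and the aliasing that makes the order matter is not visible there: per the commit message, toc_entry points into the memory owned by buf. I would add `/* toc_entry points into buf; do not free before the padding is written */` above the call, so a later tidy-up does not move the free back next to xfwrite() and reintroduce the use-after-free. The code that derives pad_size from toc_entry lies between the two hunks and is not shown, so it is worth confirming that no return path between xfwrite() and this point now skips the free. pack_images() begins before the first hunk, so only its tail is visible here.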