mirror of
https://github.com/brain-hackers/u-boot-brain
synced 2024-06-09 23:36:03 +09:00
fs: ext4: fix crash on ext4ls
Found a crash while issuing ext4ls with a non-existent directory. Crash test: => ext4ls mmc 0 1 ** Can not find directory. ** data abort pc : [<3fd7c2ec>] lr : [<3fd93ed8>] reloc pc : [<26f142ec>] lr : [<26f2bed8>] sp : 3f963338 ip : 3fdc3dc4 fp : 3fd6b370 r10: 00000004 r9 : 3f967ec0 r8 : 3f96db68 r7 : 3fdc99b4 r6 : 00000000 r5 : 3f96dc88 r4 : 3fdcbc8c r3 : fffffffa r2 : 00000000 r1 : 3f96e0bc r0 : 00000002 Flags: nZCv IRQs off FIQs off Mode SVC_32 Resetting CPU ... resetting ... Tested on SAMA5D2_Xplained board (sama5d2_xplained_mmc_defconfig) Looks like crash is introduced by commit: "fa9ca8a" fs/ext4/ext4fs.c: Free dirnode in error path of ext4fs_ls Issue is that dirnode is not initialized, and then freed if the call to ext4_ls fails. ext4_ls will not change the value of dirnode in this case thus we have a crash with data abort. I added initialization and a check for dirname being NULL. Fixes: "fa9ca8a" fs/ext4/ext4fs.c: Free dirnode in error path of ext4fs_ls Cc: Stefan Brüns <stefan.bruens@rwth-aachen.de> Cc: Tom Rini <trini@konsulko.com> Signed-off-by: Eugen Hristev <eugen.hristev@microchip.com> Reviewed-by: Tom Rini <trini@konsulko.com>
This commit is contained in:
parent
2239690aca
commit
e71a969cea
|
@ -164,7 +164,7 @@ int ext4fs_read_file(struct ext2fs_node *node, loff_t pos,
|
|||
|
||||
int ext4fs_ls(const char *dirname)
|
||||
{
|
||||
struct ext2fs_node *dirnode;
|
||||
struct ext2fs_node *dirnode = NULL;
|
||||
int status;
|
||||
|
||||
if (dirname == NULL)
|
||||
|
@ -174,7 +174,8 @@ int ext4fs_ls(const char *dirname)
|
|||
FILETYPE_DIRECTORY);
|
||||
if (status != 1) {
|
||||
printf("** Can not find directory. **\n");
|
||||
ext4fs_free_node(dirnode, &ext4fs_root->diropen);
|
||||
if (dirnode)
|
||||
ext4fs_free_node(dirnode, &ext4fs_root->diropen);
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user