Is this a barebox bootm memory release bug?

Sascha Hauer s.hauer at pengutronix.de
Wed Mar 18 11:55:12 PDT 2015


Hi Gabor,

On Wed, Mar 18, 2015 at 04:28:26PM +0000, Gabor Janak (g.janak at agilion.de) wrote:
> Hi,
> 
> I have one little question.
> In [barebox.git] / common / bootm.c Line 201
> 
> 196        if (data->verify) {
> 197                 ret = uimage_verify(data->os);
> 198                 if (ret) {
> 199                         printf("Checking data crc failed with %s\n",
> 200                                         strerror(-ret));
> 201                         uimage_close(data->os);
> 202                         return ret;
> 203                 }
> 204         }
> 
> The uimage is closed but data->os is not set to NULL.
> 
> If this function is called from bootm_boot in
> 472                 ret = handler->bootm(data);
> 
> and
> 482         if (data->os)
> 483                 uimage_close(data->os);
> 
> will crash, freeing something ....
> Will end in a possible
> unable to handle paging request at address 0xfe148f0e
> 
> Is this a correct analysis?
> If yes, is it enough to add a data->os = NULL after uimage_close?

Yes, this seems to be a bug. Alternatively we could just skip the
uimage_close in the bootm_open_os_uimage error paths.

Sascha


-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |
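The failure discussed in the thread is a double close: the error path in bootm_open_os_uimage closes data->os, and the cleanup in bootm_boot, which only checks whether data->os is non-NULL, closes it again. The following is an added example (not barebox code) that reproduces the control flow with constructed stand-ins. The struct names, uimage_open/uimage_verify/uimage_close, open_os_buggy, open_os_fixed and run_boot are all hypothetical; the real uimage_close() frees the handle, whereas this one only marks it closed so the second close can be counted instead of becoming undefined behaviour.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for barebox's uimage handle; not the real struct. */
struct uimage_handle {
    int crc_ok;   /* constructed: does the data CRC check pass? */
    int closed;   /* constructed: set once uimage_close() has run */
};

/* Only the fields of struct image_data that this bug involves. */
struct image_data {
    struct uimage_handle *os;
    int verify;
};

static int close_count;   /* total uimage_close() calls in the last run */
static int double_close;  /* closes that hit an already-closed handle */
static struct uimage_handle *last_opened;  /* kept so the demo can free it safely */

static struct uimage_handle *uimage_open(int crc_ok)
{
    struct uimage_handle *h = calloc(1, sizeof(*h));
    if (h)
        h->crc_ok = crc_ok;
    last_opened = h;
    return h;
}

static int uimage_verify(struct uimage_handle *h)
{
    return h->crc_ok ? 0 : -EINVAL;   /* a failed CRC check returns -EINVAL here */
}

/* The real function frees the handle; this one only records the close. */
static void uimage_close(struct uimage_handle *h)
{
    close_count++;
    if (h->closed) {
        double_close++;   /* in real code: free() of already-freed memory */
        return;
    }
    h->closed = 1;
}

/* Error path as quoted: the handle is closed but data->os keeps pointing at it. */
static int open_os_buggy(struct image_data *data)
{
    int ret;

    data->os = uimage_open(0);   /* constructed image whose CRC check fails */
    if (!data->os)
        return -ENOMEM;
    if (data->verify) {
        ret = uimage_verify(data->os);
        if (ret) {
            uimage_close(data->os);   /* closed, pointer left dangling */
            return ret;
        }
    }
    return 0;
}

/* Fix proposed in the thread: clear the pointer right after closing. */
static int open_os_fixed(struct image_data *data)
{
    int ret;

    data->os = uimage_open(0);
    if (!data->os)
        return -ENOMEM;
    if (data->verify) {
        ret = uimage_verify(data->os);
        if (ret) {
            uimage_close(data->os);
            data->os = NULL;   /* the caller's cleanup now skips this handle */
            return ret;
        }
    }
    return 0;
}

/* Caller shaped like bootm_boot(): after the handler returns it closes data->os if set. */
static int run_boot(int (*open_os)(struct image_data *), int *closes, int *doubles)
{
    struct image_data data = { .os = NULL, .verify = 1 };
    int ret;

    close_count = 0;
    double_close = 0;
    ret = open_os(&data);
    if (data.os)
        uimage_close(data.os);   /* second close if data.os was not cleared */
    *closes = close_count;
    *doubles = double_close;
    free(last_opened);
    last_opened = NULL;
    return ret;
}

int main(void)
{
    int closes, doubles;

    run_boot(open_os_buggy, &closes, &doubles);
    printf("buggy: %d close(s), %d double close(s)\n", closes, doubles);   /* 2, 1 */
    run_boot(open_os_fixed, &closes, &doubles);
    printf("fixed: %d close(s), %d double close(s)\n", closes, doubles);   /* 1, 0 */
    return 0;
}
```

The other fix mentioned in the reply, dropping the uimage_close from the error path of bootm_open_os_uimage, has the same effect: the handle is then closed exactly once, by the cleanup in bootm_boot. Either way, the rule that avoids this class of bug is that whoever frees a pointer held in a shared structure must also clear it, so that any later "if set, close it" check sees NULL.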


