author | Eugen Hristev <eugen.hristev@microchip.com> | 2018-05-09 16:28:37 +0300 |
---|---|---|
committer | Tom Rini <trini@konsulko.com> | 2018-05-23 17:30:04 -0400 |
commit | e71a969cea56eb3e93de3320df5ce44c9e4e1c53 (patch) | |
tree | bae4583d1ecc93a7ab102379abf3ec13e6e46c0a /fs | |
parent | 2239690aca9e1dc9ddb89289b6f4b7060a86b3fa (diff) | |
download | u-boot-e71a969cea56eb3e93de3320df5ce44c9e4e1c53.tar.gz |
fs: ext4: fix crash on ext4ls
Found a crash while issuing ext4ls with a non-existent directory.
Crash test:
=> ext4ls mmc 0 1
** Can not find directory. **
data abort
pc : [<3fd7c2ec>] lr : [<3fd93ed8>]
reloc pc : [<26f142ec>] lr : [<26f2bed8>]
sp : 3f963338 ip : 3fdc3dc4 fp : 3fd6b370
r10: 00000004 r9 : 3f967ec0 r8 : 3f96db68
r7 : 3fdc99b4 r6 : 00000000 r5 : 3f96dc88 r4 : 3fdcbc8c
r3 : fffffffa r2 : 00000000 r1 : 3f96e0bc r0 : 00000002
Flags: nZCv IRQs off FIQs off Mode SVC_32
Resetting CPU ...
resetting ...
Tested on SAMA5D2_Xplained board (sama5d2_xplained_mmc_defconfig)
Looks like crash is introduced by commit:
"fa9ca8a" fs/ext4/ext4fs.c: Free dirnode in error path of ext4fs_ls
Issue is that dirnode is not initialized, and then freed if the call
to ext4_ls fails. ext4_ls will not change the value of dirnode in this case
thus we have a crash with data abort.
I added initialization and a check for dirname being NULL.
Fixes: "fa9ca8a" fs/ext4/ext4fs.c: Free dirnode in error path of ext4fs_ls
Cc: Stefan Brüns <stefan.bruens@rwth-aachen.de>
Cc: Tom Rini <trini@konsulko.com>
Signed-off-by: Eugen Hristev <eugen.hristev@microchip.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/ext4/ext4fs.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/fs/ext4/ext4fs.c b/fs/ext4/ext4fs.c index 4b36a3e608..2a28031d14 100644 --- a/fs/ext4/ext4fs.c +++ b/fs/ext4/ext4fs.c @@ -164,7 +164,7 @@ int ext4fs_read_file(struct ext2fs_node *node, loff_t pos, int ext4fs_ls(const char *dirname) { - struct ext2fs_node *dirnode; + struct ext2fs_node *dirnode = NULL; int status; if (dirname == NULL) @@ -174,7 +174,8 @@ int ext4fs_ls(const char *dirname) FILETYPE_DIRECTORY); if (status != 1) { printf("** Can not find directory. **\n"); - ext4fs_free_node(dirnode, &ext4fs_root->diropen); + if (dirnode) + ext4fs_free_node(dirnode, &ext4fs_root->diropen); return 1; } |
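Review bot: The commit message does not match the first hunk (@@ -164, the `dirnode = NULL` initialization in ext4fs_ls): it says a check was added "for dirname being NULL", but `if (dirname == NULL)` is unchanged context there and the only new check in the patch is on `dirnode`. Please reword the message to say dirnode, so that anyone following the Fixes: tag later reads the right variable name. The initialization itself is the substantive part of the fix and deserves a one-line comment stating that the error path below relies on it.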
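Review bot: The `if (dirnode)` guard in the second hunk (@@ -174, the `status != 1` error path) is only safe if the lookup never writes a stale or partially set up pointer into dirnode before returning failure. The commit message states that the value is left unchanged in this case, but nothing in the visible lines enforces it. It would be more robust to have the lookup store NULL in its output pointer on every failure return, or to make ext4fs_free_node tolerate a NULL node so that callers need no guard and other call sites with the same pattern are covered as well.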