[PATCH] discover/boot: Safely cleanup after failed load
Sam Mendoza-Jonas
sam at mendozajonas.com
Tue Mar 15 14:08:23 AEDT 2016

If a call to load_url_async() fails immediately, boot() will free the
boot task and return. If other jobs started by load_url_async()
are still running they will attempt to free their task struct in
load_url_process_exit(), however the original boot task is the parent
context of this process task, resulting in a double-free.

Instead call cleanup_cancellations if an error immediately occurs to
cancel any pending load operations safely before freeing the boot task.

Signed-off-by: Sam Mendoza-Jonas <sam at mendozajonas.com>
---
discover/boot.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/discover/boot.c b/discover/boot.c
index 7778b3f..0d3491f 100644
--- a/discover/boot.c
+++ b/discover/boot.c
@@ -486,9 +486,10 @@ struct boot_task *boot(void *ctx, struct discover_boot_option *opt,
|| start_url_load(boot_task, "initrd", initrd, &boot_task->initrd)
|| start_url_load(boot_task, "dtb", dtb, &boot_task->dtb);
- /* If all URLs are local, we may be done. */
if (rc) {
- talloc_free(boot_task);
+ /* Don't call boot_cancel() to preserve the status update */
+ boot_task->cancelled = true;
+ cleanup_cancellations(boot_task, NULL);
return NULL;
}
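Review bot: in the `if (rc)` branch nothing visible frees boot_task any more before `return NULL`, so this path now depends on cleanup_cancellations() releasing the task in every case, including the one where the first start_url_load() fails and no load is pending at all. Please confirm that it does, otherwise this trades the double-free for a leak. The new comment only explains why boot_cancel() is avoided; it would help to also say that boot_task must not be passed to talloc_free() here because still-running load processes are its talloc children and free themselves in load_url_process_exit(), and that cleanup_cancellations() takes over freeing it. The meaning of the NULL second argument is not evident from these lines and deserves a word in the comment as well.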
--
2.7.3