[Skiboot] [PATCH v2 02/11] OPAL: nest feature detection
Daniel Axtens
dja at axtens.net
Wed Jul 29 11:46:29 AEST 2015
> +int load_catalogue_lid(int loaded)
> +{
> + if (loaded == OPAL_SUCCESS)
> + loaded = wait_for_resource_loaded(RESOURCE_ID_CATALOGUE,
> + RESOURCE_SUBID_NONE);
> +
> + if (loaded != OPAL_SUCCESS) {
> + prerror("Nest_IMA: Error loading catalogue lid\n");
> + free(c_ptr->catalogue);
> + free(c_ptr);
> + return OPAL_RESOURCE;
> + }
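Review bot: the error path `free(c_ptr->catalogue); free(c_ptr);` frees the file-scope `c_ptr` but leaves it pointing at released memory, so any later code that tests or dereferences `c_ptr` sees a dangling pointer; set `c_ptr = NULL` after the second free. The message `"Nest_IMA: Error loading catalogue lid\n"` also drops the code held in `loaded`, which is the only diagnostic available when `wait_for_resource_loaded()` fails; include it in the `prerror()`.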
I don't see where preload_catalog_lid is called, but I assume the return
code is passed to this. If preload_catalogue_lid() fails the first
allocation and returns OPAL_NO_MEM, you'll dereference a null pointer in
the first free. If it fails the second allocation, the dereference will
succeed, but then you'll attempt to free an invalid pointer in the first
free.
> +
> + /*
> + * Now that we have loaded the catalogue, check for the
> + * catalog magic and make sure we have loaded what we wanted
> + */
> + page0_ptr = (struct nest_catalog_page_0 *)CATALOGUE(c_ptr);
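Review bot: `page0_ptr = (struct nest_catalog_page_0 *)CATALOGUE(c_ptr);` casts the loaded catalogue with nothing in this hunk checking that the loaded resource is at least `sizeof(struct nest_catalog_page_0)` bytes before its fields are read; either check the loaded size here or state, next to the cast, that the resource loader guarantees it. The comment above the cast should also say what page 0 is relative to the catalogue, since the names alone do not make the relationship obvious.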
You're taking a CATALOGUE, and casting it to a page0. I remember being
confused about this in patch 1 as well. What's Page 0, and is it the
same or different to catalog?
> + if (page0_ptr->magic != CATALOG_MAGIC) {
> + prerror("Nest_IMA: Error catalogue magic number mismatch\n");
> + free(c_ptr->catalogue);
> + free(c_ptr);
> + return OPAL_RESOURCE;
> + }
> +
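Review bot: the cleanup `free(c_ptr->catalogue); free(c_ptr); return OPAL_RESOURCE;` duplicates the load-failure path above; route both through a single error label so the two paths cannot drift apart when one is later fixed. The mismatch message also hides the value actually read; printing `page0_ptr->magic` alongside `CATALOG_MAGIC` makes a corrupt or wrong lid distinguishable from a stale header definition.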
--
Regards,
Daniel