diff options
| author | Steven Falco <stevenfalco@gmail.com> | 2013-10-07 09:51:48 -0400 |
|---|---|---|
| committer | Tom Rini <trini@ti.com> | 2013-10-14 16:49:20 -0400 |
| commit | 0e3f3f8a3d6e778eb3d8599475e6431ad6b51136 (patch) | |
| tree | c011c058b233fe4b41272891020d9f1023c1380b /common/memsize.c | |
| parent | 16641d52fc70f67aa083c5ebffc526ee8e46bf35 (diff) | |
| download | talos-obmc-uboot-0e3f3f8a3d6e778eb3d8599475e6431ad6b51136.tar.gz talos-obmc-uboot-0e3f3f8a3d6e778eb3d8599475e6431ad6b51136.zip | |
Prevent null pointer dereference originating in cmd_pxe.c
Pass a valid cmdtp into do_tftpb(), do_ext2load(), and do_get_fat(), to
avoid possible crashes due to null pointer dereferencing.
Commit d7884e047d08447dfd1374e9fa2fdf7ab36e56f5 does not go far enough.
There is still at least one call chain that can result in a crash.
The do_tftpb(), do_ext2load(), and do_get_fat() functions expect a valid
cmdtp. Passing in NULL is particularly bad in the do_tftpb() case,
because eventually boot_get_kernel() will be called with a NULL cmdtp:
do_tftpb() -> netboot_common() -> bootm_maybe_autostart() -> do_bootm()
-> do_bootm_states() -> bootm_find_os() -> boot_get_kernel()
Around line 991 in cmd_bootm.c, boot_get_kernel() will dereference the
null pointer, and the board will crash.
Signed-off-by: Steven A. Falco <stevenfalco@gmail.com>
Diffstat (limited to 'common/memsize.c')
0 files changed, 0 insertions, 0 deletions
