From 349a8d5e56db4c0b199123d31ff5c0be67a39a42 Mon Sep 17 00:00:00 2001 From: Lars Poeschel Date: Wed, 12 Oct 2011 11:31:19 +0200 Subject: ubifs bad superblock bug This patch fixes an issue when ubifs reads a bad superblock. Later it tries to free memory, that was not allocated, which freezes u-boot. This is fixed by looking for a non null pointer before free. The message I got before u-boot freezes: UBI: max/mean erase counter: 53/32 UBIFS: mounted UBI device 0, volume 1, name "rootfs" UBIFS: mounted read-only UBIFS: file system size: 49140 bytes (50319360 KiB, 0 MiB, 49140 LEBs) UBIFS: journal size: 49 bytes (6838272 KiB, 0 MiB, 6678 LEBs) UBIFS: media format: w4/r0 (latest is w4/r0) UBIFS: default compressor: LZO UBIFS: reserved for root: 0 bytes (0 KiB) UBIFS error (pid 0): ubifs_read_node: bad node type (255 but expected 9) UBIFS error (pid 0): ubifs_read_node: bad node at LEB 330:13104 UBIFS error (pid 0): ubifs_iget: failed to read inode 1, error -22 Error reading superblock on volume 'ubi:rootfs'! Signed-off-by: Lars Poeschel Cc: Kyungmin Park Signed-off-by: Stefan Roese --- fs/ubifs/super.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'fs/ubifs') diff --git a/fs/ubifs/super.c b/fs/ubifs/super.c index 63b2164d30..26b48f029e 100644 --- a/fs/ubifs/super.c +++ b/fs/ubifs/super.c @@ -848,8 +848,10 @@ void ubifs_umount(struct ubifs_info *c) ubifs_debugging_exit(c); /* Finally free U-Boot's global copy of superblock */ - free(ubifs_sb->s_fs_info); - free(ubifs_sb); + if (ubifs_sb != NULL) { + free(ubifs_sb->s_fs_info); + free(ubifs_sb); + } } /** -- cgit v1.2.1