x86/EFI: fix freeing of uninitialized pointer

The only valid response from the LocateHandle() call is EFI_BUFFER_TOO_SMALL,
so exit if we get anything else.  We pass a 0 size/NULL pointer buffer, so the
only other returns we will get is an error.  Return right away as there is
nothing to do.  Also return if there is an error allocating the buffer, as the
previous code path also allowed for an undefined pointer to be freed.

Signed-off-by: Roy Franz <roy.franz@linaro.org>
Re-structure the change.

Signed-off-by: Jan Beulich <jbeulich@suse.com>

diff --git a/xen/arch/x86/efi/boot.c b/xen/arch/x86/efi/boot.c
index 3bdc15820a41085c44e3861e916fa2061a5e7c0e..6f345929f17360743c692a5dee482858fd562167 100644 (file)
--- a/xen/arch/x86/efi/boot.c
+++ b/xen/arch/x86/efi/boot.c
@@ -595,11 +595,12 @@ static void __init setup_efi_pci(void)
     struct efi_pci_rom *last = NULL;
 
     status = efi_bs->LocateHandle(ByProtocol, &pci_guid, NULL, &size, NULL);
-    if ( status == EFI_BUFFER_TOO_SMALL )
-        status = efi_bs->AllocatePool(EfiLoaderData, size, (void **)&handles);
-    if ( !EFI_ERROR(status) )
-        status = efi_bs->LocateHandle(ByProtocol, &pci_guid, NULL, &size,
-                                      handles);
+    if ( status != EFI_BUFFER_TOO_SMALL )
+        return;
+    status = efi_bs->AllocatePool(EfiLoaderData, size, (void **)&handles);
+    if ( EFI_ERROR(status) )
+        return;
+    status = efi_bs->LocateHandle(ByProtocol, &pci_guid, NULL, &size, handles);
     if ( EFI_ERROR(status) )
         size = 0;