From 41997d3666baeea34e965c4975d33e7e79d1782d Mon Sep 17 00:00:00 2001
From: Roy Franz
Date: Fri, 17 Oct 2014 15:53:46 +0200
Subject: [PATCH] x86/EFI: fix freeing of uninitialized pointer
The only valid response from the LocateHandle() call is EFI_BUFFER_TOO_SMALL, so exit if we get anything else. We pass a 0 size/NULL pointer buffer, so the only other returns we will get is an error. Return right away as there is nothing to do. Also return if there is an error allocating the buffer, as the previous code path also allowed for an undefined pointer to be freed.
Signed-off-by: Roy Franz
Re-structure the change.
Signed-off-by: Jan Beulich
master commit: c61690fb76f9a51a8c932d76929b67bd0940febe
master date: 2014-09-24 11:09:11 +0200
---
 xen/arch/x86/efi/boot.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/xen/arch/x86/efi/boot.c b/xen/arch/x86/efi/boot.c
index 0dd935cd19..704489251a 100644
--- a/xen/arch/x86/efi/boot.c
+++ b/xen/arch/x86/efi/boot.c
@@ -594,11 +594,12 @@ static void __init setup_efi_pci(void)
 struct efi_pci_rom *last = NULL;
 
 status = efi_bs->LocateHandle(ByProtocol, &pci_guid, NULL, &size, NULL);
- if ( status == EFI_BUFFER_TOO_SMALL )
- status = efi_bs->AllocatePool(EfiLoaderData, size, (void **)&handles);
- if ( !EFI_ERROR(status) )
- status = efi_bs->LocateHandle(ByProtocol, &pci_guid, NULL, &size,
- handles);
+ if ( status != EFI_BUFFER_TOO_SMALL )
+ return;
+ status = efi_bs->AllocatePool(EfiLoaderData, size, (void **)&handles);
+ if ( EFI_ERROR(status) )
+ return;
+ status = efi_bs->LocateHandle(ByProtocol, &pci_guid, NULL, &size, handles);
 if ( EFI_ERROR(status) )
 size = 0;
 
-- 
2.39.5
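Review bot: The new `if ( status != EFI_BUFFER_TOO_SMALL ) return;` encodes a contract of LocateHandle() that only the commit message explains, and the retained `if ( EFI_ERROR(status) ) size = 0;` after the second call is now the one failure path that proceeds with `handles` allocated, so the code should say why both are correct. I would add above the first check `/* A NULL, zero-sized buffer makes LocateHandle() report either EFI_BUFFER_TOO_SMALL (size now holds the needed length) or an error; anything else means there is nothing to do. */`, and on the `size = 0;` line `/* keep handles: presumably released by the cleanup later in this function */`. The second LocateHandle() can also fail, updating `size`, if the handle set grew between the two calls; resetting `size` to 0 is the safe choice there and is worth a word in that comment. setup_efi_pci() begins and ends outside the hunk, so the later release of `handles` is not visible here and the second comment is hedged accordingly.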