coreboot-mirror
/
seabios
mirror of https://review.coreboot.org/seabios.git
1
0
Fork 0
Code Issues Releases Wiki Activity

nvme: avoid use-after-free in nvme_controller_enable() 

Commit b68f313c91 ("nvme: Record maximum allowed request size")
introduced a use of "identify" past it being passed to free(). Latch the
value of interest into a local variable.

Reported-by: Coverity (ID 1497613)
Signed-off-by: Jan Beulich <jbeulich@suse.com>
This commit is contained in:
Jan Beulich via SeaBIOS 2022-01-24 10:20:53 +01:00 committed by Kevin O'Connor
parent 15a102e062
commit dc776a2d9c
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/hw/nvme.c
View File

@ -637,6 +637,7 @@ nvme_controller_enable(struct nvme_ctrl *ctrl)
identify->nn, (identify->nn == 1) ? "" : "s");
ctrl->ns_count = identify->nn;
u8 mdts = identify->mdts;
free(identify);
if ((ctrl->ns_count == 0) || nvme_create_io_queues(ctrl)) {
@ -648,7 +649,7 @@ nvme_controller_enable(struct nvme_ctrl *ctrl)
/* Populate namespace IDs */
int ns_idx;
for (ns_idx = 0; ns_idx < ctrl->ns_count; ns_idx++) {
nvme_probe_ns(ctrl, ns_idx, identify->mdts);
nvme_probe_ns(ctrl, ns_idx, mdts);
}
dprintf(3, "NVMe initialization complete!\n");