Gitiles
Code Review Sign In
gerrit.cesnet.cz / github / trini / u-boot / f8212f09702f802ffab42769133e3114bd6e5e77^! / . / include / efi_loader.h
commitf8212f09702f802ffab42769133e3114bd6e5e77[log] [tgz]
authorHeinrich Schuchardt <xypron.glpk@gmx.de>Mon Dec 28 23:24:40 2020 +0100
committerHeinrich Schuchardt <xypron.glpk@gmx.de>Thu Dec 31 14:33:07 2020 +0100
tree2ab92da9a641ed1e80ac524aba083faac7baac82
parent0ce3fb55e0be286f1f7686aeb452ee77100a2493 [diff] [blame]
efi_loader: use after free in efi_exit()

Do not use data from the loaded image object after deleting it.

Fixes: 126a43f15b36 ("efi_loader: unload applications upon Exit()")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

diff --git a/include/efi_loader.h b/include/efi_loader.h
index 280225a..62a6c3d 100644
--- a/include/efi_loader.h
+++ b/include/efi_loader.h

@@ -311,10 +311,10 @@
  */
 struct efi_loaded_image_obj {
 	struct efi_object header;
-	efi_status_t exit_status;
+	efi_status_t *exit_status;
 	efi_uintn_t *exit_data_size;
 	u16 **exit_data;
-	struct jmp_buf_data exit_jmp;
+	struct jmp_buf_data *exit_jmp;
 	EFIAPI efi_status_t (*entry)(efi_handle_t image_handle,
 				     struct efi_system_table *st);
 	u16 image_type;