From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Alexey Makhalov Date: Wed, 8 Jul 2020 21:30:43 +0000 Subject: [PATCH] xnu: Fix double free in grub_xnu_devprop_add_property() grub_xnu_devprop_add_property() should not free utf8 and utf16 as it get allocated and freed in the caller. Minor improvement: do prop fields initialization after memory allocations. Fixes: CID 292442, CID 292457, CID 292460, CID 292466 Signed-off-by: Alexey Makhalov Reviewed-by: Daniel Kiper Upstream-commit-id: 4d5e2d13519 --- grub-core/loader/i386/xnu.c | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/grub-core/loader/i386/xnu.c b/grub-core/loader/i386/xnu.c index ee0eaadc4..c760db30f 100644 --- a/grub-core/loader/i386/xnu.c +++ b/grub-core/loader/i386/xnu.c @@ -262,20 +262,19 @@ grub_xnu_devprop_add_property (struct grub_xnu_devprop_device_descriptor *dev, if (!prop) return grub_errno; + prop->data = grub_malloc (datalen); + if (!prop->data) + { + grub_free (prop); + return grub_errno; + } + grub_memcpy (prop->data, data, datalen); + prop->name = utf8; prop->name16 = utf16; prop->name16len = utf16len; - prop->length = datalen; - prop->data = grub_malloc (prop->length); - if (!prop->data) - { - grub_free (prop->name); - grub_free (prop->name16); - grub_free (prop); - return grub_errno; - } - grub_memcpy (prop->data, data, prop->length); + grub_list_push (GRUB_AS_LIST_P (&dev->properties), GRUB_AS_LIST (prop)); return GRUB_ERR_NONE;