cmd: gpt: Fix freeing gpt_pte in gpt_verify()
In case when either gpt_verify_headers() or gpt_verify_partitions()
fails, the memory allocated for gpt_pte will be freed in those functions
internally, but gpt_pte will still contain non-NULL dangling pointer.
The attempt to free it in those cases in gpt_verify() leads to "use
after free" error, which leads to a "Synchronous abort" exception.
This issue was found by running the next command on the device with
incorrect partition table:
=> gpt verify mmc 0 $partitions
which results to:
No partition list provided - only basic check
"Synchronous Abort" handler, esr 0x96000021, far 0xba247bff
....
Fix the issue by only freeing gpt_pte if none of those functions failed.
Fixes: bbb9ffac6066 ("gpt: command: Extend gpt command to support GPT table verification")
Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>
diff --git a/cmd/gpt.c b/cmd/gpt.c
index 36b112d..aeabd19 100644
--- a/cmd/gpt.c
+++ b/cmd/gpt.c
@@ -682,7 +682,8 @@
free(str_disk_guid);
free(partitions);
out:
- free(gpt_pte);
+ if (!ret)
+ free(gpt_pte);
return ret;
}