* [PATCH master] param: make setting a parameter to the same string value a no-op
@ 2025-12-11 17:17 Ahmad Fatoum
2025-12-15 7:23 ` Sascha Hauer
0 siblings, 1 reply; 2+ messages in thread
From: Ahmad Fatoum @ 2025-12-11 17:17 UTC (permalink / raw)
To: barebox; +Cc: Ahmad Fatoum
setenv("global.bootm.root_param", getenv("global.bootm.root_param"))
triggers a use-after-free, because the value is free'd before being
duplicated and allocated again.
Let's just early exit in this case as there's nothing further to do.
This was noticed by KASAN when bootm_data_restore_defaults restored
global.bootm.root_param.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
lib/parameter.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/lib/parameter.c b/lib/parameter.c
index b9a449c32657..bf5dbbb05e6b 100644
--- a/lib/parameter.c
+++ b/lib/parameter.c
@@ -131,6 +131,8 @@ int bobject_set_param(bobject_t _bobj, const char *name, const char *val)
int bobject_param_set_generic(bobject_t _bobj, struct param_d *p,
const char *val)
{
+ if (val == p->value)
+ return 0;
free(p->value);
if (!val) {
p->value = NULL;
--
2.47.3
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2025-12-15 7:23 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-12-11 17:17 [PATCH master] param: make setting a parameter to the same string value a no-op Ahmad Fatoum
2025-12-15 7:23 ` Sascha Hauer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox