From: Andrew Goodbody <andrew.goodbody@linaro.org>
Date: Wed, 2 Jul 2025 10:01:36 +0000 (+0100)
Subject: efi_loader: Prevent dereferencing NULL pointer
X-Git-Tag: v2025.10-rc1~134^2~2^2~10
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9d95a35715fcb8e81ee423e31273489a47ed1563;p=thirdparty%2Fu-boot.git

efi_loader: Prevent dereferencing NULL pointer

Taking the first goto error: in file_open could either result in an
attempt to dereference fh when NULL or else free fh->path which has
not been assigned to and so will be unknown. Avoid both of these
problems by passing path to free instead of fh->path.

This issue found by Smatch.

Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Andrew Goodbody <andrew.goodbody@linaro.org>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
---

diff --git a/lib/efi_loader/efi_file.c b/lib/efi_loader/efi_file.c
index 7d81da8f2d8..19b43c4a625 100644
--- a/lib/efi_loader/efi_file.c
+++ b/lib/efi_loader/efi_file.c
@@ -248,7 +248,7 @@ static struct efi_file_handle *file_open(struct file_system *fs,
 	return &fh->base;
 
 error:
-	free(fh->path);
+	free(path);
 	free(fh);
 	return NULL;
 }