From: Ilias Apalodimas Date: Thu, 27 Nov 2025 12:19:06 +0000 (+0200) Subject: efi_loader: Fix a memory leak when retrieving device paths from boot vars X-Git-Tag: v2026.01-rc4~10^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ad53505a4861ad7eec5c6a919ea39692d915e433;p=thirdparty%2Fu-boot.git efi_loader: Fix a memory leak when retrieving device paths from boot vars get_dp_device() is used to derive the device path from a boot variable. However, if the last efi_get_variable_int() call fails, we return an error without freeing 'buf'. There's no need to call efi_get_variable_int() for variables we don't know the size since we have the efi_get_var() wrapper. Replace that in the two instances we use it. The first one will also fix the memory leak. A nice sideeffect is that the code size is also reduced, since we are re-using functions instead of open coding them $~ bloat-o-meter u-boot u-boot.new add/remove: 0/0 grow/shrink: 1/2 up/down: 6/-196 (-190) Function old new delta version_string 70 76 +6 efi_launch_capsules 2288 2196 -92 get_dp_device 244 140 -104 Total: Before=1222331, After=1222141, chg -0.02% Fixes: c74cd8bd08d1 ("efi_loader: capsule: add capsule_on_disk support") Signed-off-by: Ilias Apalodimas Reviewed-by: Heinrich Schuchardt --- diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c index 31b47a20186..eafc647f558 100644 --- a/lib/efi_loader/efi_capsule.c +++ b/lib/efi_loader/efi_capsule.c @@ -857,18 +857,9 @@ static efi_status_t get_dp_device(u16 *boot_var, struct efi_device_path *file_dp; efi_status_t ret; - size = 0; - ret = efi_get_variable_int(boot_var, &efi_global_variable_guid, - NULL, &size, NULL, NULL); - if (ret == EFI_BUFFER_TOO_SMALL) { - buf = malloc(size); - if (!buf) - return EFI_OUT_OF_RESOURCES; - ret = efi_get_variable_int(boot_var, &efi_global_variable_guid, - NULL, &size, buf, NULL); - } - if (ret != EFI_SUCCESS) - return ret; + buf = efi_get_var(boot_var, &efi_global_variable_guid, &size); + if (!buf) + return EFI_NOT_FOUND; efi_deserialize_load_option(&lo, buf, &size); @@ -960,22 +951,11 @@ static efi_status_t find_boot_device(void) skip: /* find active boot device in BootOrder */ - size = 0; - ret = efi_get_variable_int(u"BootOrder", &efi_global_variable_guid, - NULL, &size, NULL, NULL); - if (ret == EFI_BUFFER_TOO_SMALL) { - boot_order = malloc(size); - if (!boot_order) { - ret = EFI_OUT_OF_RESOURCES; - goto out; - } - - ret = efi_get_variable_int(u"BootOrder", - &efi_global_variable_guid, - NULL, &size, boot_order, NULL); - } - if (ret != EFI_SUCCESS) + boot_order = efi_get_var(u"BootOrder", &efi_global_variable_guid, &size); + if (!boot_order) { + ret = EFI_NOT_FOUND; goto out; + } /* check in higher order */ num = size / sizeof(u16);