- Don't try to free mboot.bootinst before it has been allocated. If, for
some reason, mboot.bootinst is not initialized to NULL at the beginning of the program, then the last commit to this would try to free whatever bogus address is in it. - Restore the behavior of free()'ing the mboot.bootinst buffer after we abuse it to determine the sector size of the disk (as clearly noted in the comments). Properly fix the double free() bug by setting the pointer to NULL after we free it.
This commit is contained in:
parent
f15da231c5
commit
a12de06299
@ -299,11 +299,11 @@ main(int argc, char *argv[])
|
||||
}
|
||||
|
||||
/* (abu)use mboot.bootinst to probe for the sector size */
|
||||
if (mboot.bootinst != NULL)
|
||||
free(mboot.bootinst);
|
||||
if ((mboot.bootinst = malloc(MAX_SEC_SIZE)) == NULL)
|
||||
err(1, "cannot allocate buffer to determine disk sector size");
|
||||
read_disk(0, mboot.bootinst);
|
||||
free(mboot.bootinst);
|
||||
mboot.bootinst = NULL;
|
||||
|
||||
if (s_flag)
|
||||
{
|
||||
|
@ -299,11 +299,11 @@ main(int argc, char *argv[])
|
||||
}
|
||||
|
||||
/* (abu)use mboot.bootinst to probe for the sector size */
|
||||
if (mboot.bootinst != NULL)
|
||||
free(mboot.bootinst);
|
||||
if ((mboot.bootinst = malloc(MAX_SEC_SIZE)) == NULL)
|
||||
err(1, "cannot allocate buffer to determine disk sector size");
|
||||
read_disk(0, mboot.bootinst);
|
||||
free(mboot.bootinst);
|
||||
mboot.bootinst = NULL;
|
||||
|
||||
if (s_flag)
|
||||
{
|
||||
|
Loading…
Reference in New Issue
Block a user