Found a crash while issuing ext4ls with a non-existent directory.
Crash test:
=> ext4ls mmc 0 1
** Can not find directory. **
data abort
pc : [<3fd7c2ec>]    lr : [<3fd93ed8>]
reloc pc : [<26f142ec>]    lr : [<26f2bed8>]
sp : 3f963338  ip : 3fdc3dc4  fp : 3fd6b370
r10: 00000004  r9 : 3f967ec0  r8 : 3f96db68
r7 : 3fdc99b4  r6 : 00000000  r5 : 3f96dc88  r4 : 3fdcbc8c
r3 : fffffffa  r2 : 00000000  r1 : 3f96e0bc  r0 : 00000002
Flags: nZCv IRQs off FIQs off Mode SVC_32
Resetting CPU ...
resetting ...
Tested on SAMA5D2_Xplained board (sama5d2_xplained_mmc_defconfig)
Looks like crash is introduced by commit:
"fa9ca8a" fs/ext4/ext4fs.c: Free dirnode in error path of ext4fs_ls
Issue is that dirnode is not initialized, and then freed if the call
to ext4_ls fails. ext4_ls will not change the value of dirnode in this case
thus we have a crash with data abort.
I added initialization and a check for dirname being NULL.
Fixes: "fa9ca8a" fs/ext4/ext4fs.c: Free dirnode in error path of ext4fs_ls
Cc: Stefan Brüns <stefan.bruens@rwth-aachen.de>
Cc: Tom Rini <trini@konsulko.com>
Signed-off-by: Eugen Hristev <eugen.hristev@microchip.com>
Reviewed-by: Tom Rini <trini@konsulko.com>
int ext4fs_ls(const char *dirname)
{
- struct ext2fs_node *dirnode;
+ struct ext2fs_node *dirnode = NULL;
int status;
if (dirname == NULL)
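Review bot: The `= NULL` initializer on `dirnode` is now load-bearing for the error path and should carry a one-line comment saying so. The `if (dirnode)` test added in the failure branch is only meaningful if the pointer starts out NULL, and without a comment a later cleanup could drop the initializer as redundant and bring back the free of an uninitialized pointer.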
FILETYPE_DIRECTORY);
if (status != 1) {
printf("** Can not find directory. **\n");
- ext4fs_free_node(dirnode, &ext4fs_root->diropen);
+ if (dirnode)
+ ext4fs_free_node(dirnode, &ext4fs_root->diropen);
return 1;
}
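Review bot: The `if (dirnode)` guard in the `status != 1` branch is only safe if the lookup either leaves `dirnode` untouched on failure or stores a node that is still live. The commit message asserts the first case; if any failure path can store a pointer it has already released, this branch would still free it a second time, so it is worth confirming that and stating it in a comment. Consider also whether the NULL test belongs inside `ext4fs_free_node` so other callers get the same protection. Separately, the commit message says the check is on `dirname`, while the code checks `dirnode`.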