diff options
author | Bohdan Tymkiv <bhdt@cypress.com> | 2018-04-27 15:37:28 +0300 |
---|---|---|
committer | Tomas Vanek <vanekt@fbl.cz> | 2018-06-05 11:29:33 +0100 |
commit | 456f982868ddd7c699e45ee24f7080cbaf0d72ee (patch) | |
tree | 83e943952bd2ad11aa5351c590b3a6475d938676 | |
parent | 5952f5e50a163f82385c6ccf88d84e8372f496b7 (diff) |
flash/nor/core: fix double-free crash with 'virtual' flash banks
flash_bank structure of 'virtual' flash driver is a full copy of
the master flash_bank structure including bank->sectors and
bank->prot_blocks pointers. These pointers point to memory
locations allocated by the master driver and thus master driver
is responsible for deallocating them.
Do not free bank->sectors and bank->prot_blocks of 'virtual'
driver since they were already released by master flash driver.
Change-Id: I01f373d4adb3fc79e2724964926b9276442c5c52
Signed-off-by: Bohdan Tymkiv <bhdt@cypress.com>
Reviewed-on: http://openocd.zylin.com/4504
Tested-by: jenkins
Reviewed-by: Tomas Vanek <vanekt@fbl.cz>
-rw-r--r-- | src/flash/nor/core.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/src/flash/nor/core.c b/src/flash/nor/core.c index f05c68b8..49412816 100644 --- a/src/flash/nor/core.c +++ b/src/flash/nor/core.c @@ -188,9 +188,17 @@ void flash_free_all_banks(void) else LOG_WARNING("Flash driver of %s does not support free_driver_priv()", bank->name); + /* For 'virtual' flash driver bank->sectors and bank->prot_blocks pointers are copied from + * master flash_bank structure. They point to memory locations allocated by master flash driver + * so master driver is responsible for releasing them. + * Avoid UB caused by double-free memory corruption if flash bank is 'virtual'. */ + + if (strcmp(bank->driver->name, "virtual") != 0) { + free(bank->sectors); + free(bank->prot_blocks); + } + free(bank->name); - free(bank->sectors); - free(bank->prot_blocks); free(bank); bank = next; } |