
On Mon, Oct 07, 2013 at 09:51:48AM -0400, Steven Falco wrote:
Pass a valid cmdtp into do_tftpb(), do_ext2load(), and do_get_fat(), to avoid possible crashes due to null pointer dereferencing.
Signed-off-by: Steven A. Falco <stevenfalco@gmail.com>
This doesn't apply cleanly, nor with --ignore-whitespace for me. Can you please re-check and re-send the patch? Thanks.
Sorry - I've been having trouble getting Thunderbird to leave my text alone. There was some insane "flowed text" setting that I just discovered and disabled.
I think I've got it right now. I'll download this email from the list after I post it, and do a diff to be sure.
Commit d7884e047d08447dfd1374e9fa2fdf7ab36e56f5 does not go far enough. There is still at least one call chain that can result in a crash.
The do_tftpb(), do_ext2load(), and do_get_fat() functions expect a valid cmdtp. Passing in NULL is particularly bad in the do_tftpb() case, because eventually boot_get_kernel() will be called with a NULL cmdtp:
do_tftpb() -> netboot_common() -> bootm_maybe_autostart() -> do_bootm() -> do_bootm_states() -> bootm_find_os() -> boot_get_kernel()
Around line 991 in cmd_bootm.c, boot_get_kernel() will dereference the null pointer, and the board will crash.
With a reworded commit message to include more details, applied to u-boot/master, thanks!