Yes, I will submit a patch to fix the bug.
Regards, Jincheng
Tom Rini trini@konsulko.com 于2021年10月15日周五 上午1:46写道:
On Tue, Oct 12, 2021 at 04:07:43PM +0800, Jincheng Wang wrote:
Hello U-Boot lists! I had been doing a fuzz testing in U-Boot . There is a double free bug in U-Boot, in /fs/squashfs/sqfs.c in the function sqfs_tokenize( ). On the line 307, tokens[i] is being freed and the ret is being set
-ENOMEM,
it will go to the out: label and free tokens[i] again (just like CVE-2020-8432, double free in do_rename_gpt_parts() ). Here is a sample command cause to crash in sandbox environment: host bind 0 test.sqsh sqfsls host 0 1//3
Thanks! Can you please submit a fix for this as a patch, as well as updating the existing sqfs tests to have this as an example?
-- Tom