On 07:32 Thu 17 Jan , Daniel Mierswa wrote: > If offscreen was not passed to fd_open the resulting offscreenbuf > member was a dangling pointer and the free() call in fd_close > would result in undefined behaviour. > > Signed-off-by: Daniel Mierswa <d.mierswa@xxxxxxxxx> > --- > commands/splash.c | 8 ++++++++ > 1 file changed, 8 insertions(+) > > diff --git a/commands/splash.c b/commands/splash.c > index 4cc463e..75c7074 100644 > --- a/commands/splash.c > +++ b/commands/splash.c > @@ -59,6 +59,14 @@ static int do_splash(int argc, char *argv[]) > return 1; > } > > + /* > + * sc.offscreenbuf is dangling here, if no offscreen buffer was > + * requested, so set it to NULL otherwise the free in fd_close > + * will cause undefined behaviour > + */ > + if (!offscreen) > + sc.offscreenbuf = NULL; > + NAck this is already done by memset Best Regards, J. > if (sc.offscreenbuf) { > if (do_bg) > memset_pixel(&info, sc.offscreenbuf, bg_color, > -- > 1.8.1 > > > _______________________________________________ > barebox mailing list > barebox@xxxxxxxxxxxxxxxxxxx > http://lists.infradead.org/mailman/listinfo/barebox
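Review bot: The `if (!offscreen) sc.offscreenbuf = NULL;` assignment sits in do_splash() after the fd_open() error check, so it repairs the pointer in this one caller only, while the commit message places the unset member in fd_open and the free() in fd_close. Initialising offscreenbuf to NULL inside fd_open when no offscreen buffer is requested would cover every caller and keep the invariant next to the code that fd_close depends on. The initialisation of sc is not in the visible context, so the commit message should also name the exact path on which the member is left unset; if the structure is already cleared before fd_open runs, as the reply states, this hunk is redundant and should be dropped.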