summaryrefslogtreecommitdiff
path: root/common/cmd_yaffs2.c
diff options
context:
space:
mode:
authorSteven Falco <stevenfalco@gmail.com>2013-10-07 09:51:48 -0400
committerTom Rini <trini@ti.com>2013-10-14 16:49:20 -0400
commit0e3f3f8a3d6e778eb3d8599475e6431ad6b51136 (patch)
treec011c058b233fe4b41272891020d9f1023c1380b /common/cmd_yaffs2.c
parent16641d52fc70f67aa083c5ebffc526ee8e46bf35 (diff)
downloadu-boot-imx-0e3f3f8a3d6e778eb3d8599475e6431ad6b51136.zip
u-boot-imx-0e3f3f8a3d6e778eb3d8599475e6431ad6b51136.tar.gz
u-boot-imx-0e3f3f8a3d6e778eb3d8599475e6431ad6b51136.tar.bz2
Prevent null pointer dereference originating in cmd_pxe.c
Pass a valid cmdtp into do_tftpb(), do_ext2load(), and do_get_fat(), to avoid possible crashes due to null pointer dereferencing. Commit d7884e047d08447dfd1374e9fa2fdf7ab36e56f5 does not go far enough. There is still at least one call chain that can result in a crash. The do_tftpb(), do_ext2load(), and do_get_fat() functions expect a valid cmdtp. Passing in NULL is particularly bad in the do_tftpb() case, because eventually boot_get_kernel() will be called with a NULL cmdtp: do_tftpb() -> netboot_common() -> bootm_maybe_autostart() -> do_bootm() -> do_bootm_states() -> bootm_find_os() -> boot_get_kernel() Around line 991 in cmd_bootm.c, boot_get_kernel() will dereference the null pointer, and the board will crash. Signed-off-by: Steven A. Falco <stevenfalco@gmail.com>
Diffstat (limited to 'common/cmd_yaffs2.c')
0 files changed, 0 insertions, 0 deletions