1 files changed, 82 insertions, 0 deletions
diff --git a/meta/recipes-bsp/grub/files/0025-affs-Fix-memory-leaks.patch b/meta/recipes-bsp/grub/files/0025-affs-Fix-memory-leaks.patch
new file mode 100644
index 0000000000..435130516c
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/0025-affs-Fix-memory-leaks.patch
@@ -0,0 +1,82 @@
+From 929c2ce8214c53cb95abff57a89556cd18444097 Mon Sep 17 00:00:00 2001
+From: Darren Kenny <darren.kenny@oracle.com>
+Date: Thu, 26 Nov 2020 12:48:07 +0000
+Subject: [PATCH] affs: Fix memory leaks
+The node structure reference is being allocated but not freed if it
+reaches the end of the function. If any of the hooks had returned
+a non-zero value, then node would have been copied in to the context
+reference, but otherwise node is not stored and should be freed.
+Similarly, the call to grub_affs_create_node() replaces the allocated
+memory in node with a newly allocated structure, leaking the existing
+memory pointed by node.
+Finally, when dir->parent is set, then we again replace node with newly
+allocated memory, which seems unnecessary when we copy in the values
+from dir->parent immediately after.
+Fixes: CID 73759
+Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=178ac5107389f8e5b32489d743d6824a5ebf342a]
+Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
+---
+ grub-core/fs/affs.c | 18 ++++++++----------
+ 1 file changed, 8 insertions(+), 10 deletions(-)
+diff --git a/grub-core/fs/affs.c b/grub-core/fs/affs.c
+index 220b371..230e26a 100644
+--- a/grub-core/fs/affs.c
+++ b/grub-core/fs/affs.c
+@@ -400,12 +400,12 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir,
+ {
+   unsigned int i;
+   struct grub_affs_file file;
+-  struct grub_fshelp_node *node = 0;
+  struct grub_fshelp_node *node, *orig_node;
+   struct grub_affs_data *data = dir->data;
+   grub_uint32_t *hashtable;
+ 
+   /* Create the directory entries for `.' and `..'.  */
+-  node = grub_zalloc (sizeof (*node));
+  node = orig_node = grub_zalloc (sizeof (*node));
+   if (!node)
+     return 1;
+     
+@@ -414,9 +414,6 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir,
+     return 1;
+   if (dir->parent)
+     {
+-      node = grub_zalloc (sizeof (*node));
+-      if (!node)
+-       return 1;
+       *node = *dir->parent;
+       if (hook ("..", GRUB_FSHELP_DIR, node, hook_data))
+        return 1;
+@@ -456,17 +453,18 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir,
+ 
+          if (grub_affs_create_node (dir, hook, hook_data, &node, &hashtable,
+                                     next, &file))
+-           return 1;
+           {
+             /* Node has been replaced in function. */
+             grub_free (orig_node);
+             return 1;
+           }
+ 
+          next = grub_be_to_cpu32 (file.next);
+        }
+     }
+ 
+-  grub_free (hashtable);
+-  return 0;
+-
+  fail:
+-  grub_free (node);
+  grub_free (orig_node);
+   grub_free (hashtable);
+   return 0;
+ }

diff --git a/meta/recipes-bsp/grub/files/0025-affs-Fix-memory-leaks.patch b/meta/recipes-bsp/grub/files/0025-affs-Fix-memory-leaks.patch new file mode 100644 index 0000000000..435130516c --- /dev/null +++ b/meta/recipes-bsp/grub/files/0025-affs-Fix-memory-leaks.patch
@@ -0,0 +1,82 @@
	1	From 929c2ce8214c53cb95abff57a89556cd18444097 Mon Sep 17 00:00:00 2001
	2	From: Darren Kenny <darren.kenny@oracle.com>
	3	Date: Thu, 26 Nov 2020 12:48:07 +0000
	4	Subject: [PATCH] affs: Fix memory leaks
	5
	6	The node structure reference is being allocated but not freed if it
	7	reaches the end of the function. If any of the hooks had returned
	8	a non-zero value, then node would have been copied in to the context
	9	reference, but otherwise node is not stored and should be freed.
	10
	11	Similarly, the call to grub_affs_create_node() replaces the allocated
	12	memory in node with a newly allocated structure, leaking the existing
	13	memory pointed by node.
	14
	15	Finally, when dir->parent is set, then we again replace node with newly
	16	allocated memory, which seems unnecessary when we copy in the values
	17	from dir->parent immediately after.
	18
	19	Fixes: CID 73759
	20
	21	Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
	22	Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
	23
	24	Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=178ac5107389f8e5b32489d743d6824a5ebf342a]
	25	Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
	26	---
	27	grub-core/fs/affs.c \| 18 ++++++++----------
	28	1 file changed, 8 insertions(+), 10 deletions(-)
	29
	30	diff --git a/grub-core/fs/affs.c b/grub-core/fs/affs.c
	31	index 220b371..230e26a 100644
	32	--- a/grub-core/fs/affs.c
	33	+++ b/grub-core/fs/affs.c
	34	@@ -400,12 +400,12 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir,
	35	{
	36	unsigned int i;
	37	struct grub_affs_file file;
	38	- struct grub_fshelp_node *node = 0;
	39	+ struct grub_fshelp_node node, orig_node;
	40	struct grub_affs_data *data = dir->data;
	41	grub_uint32_t *hashtable;
	42
	43	/* Create the directory entries for `.' and `..'. */
	44	- node = grub_zalloc (sizeof (*node));
	45	+ node = orig_node = grub_zalloc (sizeof (*node));
	46	if (!node)
	47	return 1;
	48
	49	@@ -414,9 +414,6 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir,
	50	return 1;
	51	if (dir->parent)
	52	{
	53	- node = grub_zalloc (sizeof (*node));
	54	- if (!node)
	55	- return 1;
	56	node = dir->parent;
	57	if (hook ("..", GRUB_FSHELP_DIR, node, hook_data))
	58	return 1;
	59	@@ -456,17 +453,18 @@ grub_affs_iterate_dir (grub_fshelp_node_t dir,
	60
	61	if (grub_affs_create_node (dir, hook, hook_data, &node, &hashtable,
	62	next, &file))
	63	- return 1;
	64	+ {
	65	+ /* Node has been replaced in function. */
	66	+ grub_free (orig_node);
	67	+ return 1;
	68	+ }
	69
	70	next = grub_be_to_cpu32 (file.next);
	71	}
	72	}
	73
	74	- grub_free (hashtable);
	75	- return 0;
	76	-
	77	fail:
	78	- grub_free (node);
	79	+ grub_free (orig_node);
	80	grub_free (hashtable);
	81	return 0;
	82	}