From 27d95c1a0311d2d1b181df222cd531b67a61802e Mon Sep 17 00:00:00 2001
From: Warner Losh
Date: Mon, 15 Jan 2018 22:17:15 +0000
Subject: [PATCH] When returning an error and freeing allocated memory from ucs2_to_utf8 and utf8_to_ucs2, be sure to NULL out the return pointer too, rather than return a pointer to free memory.
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D13917
---
 stand/efi/libefi/efichar.c | 35 ++++++++++++++++++-----------------
 1 file changed, 18 insertions(+), 17 deletions(-)
diff --git a/stand/efi/libefi/efichar.c b/stand/efi/libefi/efichar.c
index 15aa5cae3a5..e5e57741c49 100644
--- a/stand/efi/libefi/efichar.c
+++ b/stand/efi/libefi/efichar.c
@@ -116,8 +116,10 @@ ucs2_to_utf8(const efi_char *nm, char **name)
 if (len >= sz) {
 /* Absent bugs, we'll never return EOVERFLOW */
- if (freeit)
+ if (freeit) {
 free(*name);
+ *name = NULL;
+ }
 return (EOVERFLOW);
 }
 *cp++ = '\0';
@@ -150,11 +152,8 @@ utf8_to_ucs2(const char *name, efi_char **nmp, size_t *len)
 */
 if ((c & 0xc0) != 0x80) {
 /* Initial characters. */
- if (bytes != 0) {
- if (freeit)
- free(nm);
- return (EILSEQ);
- }
+ if (bytes != 0)
+ goto ilseq;
 if ((c & 0xf8) == 0xf0) {
 ucs4 = c & 0x07;
 bytes = 3;
@@ -173,29 +172,31 @@ utf8_to_ucs2(const char *name, efi_char **nmp, size_t *len)
 if (bytes > 0) {
 ucs4 = (ucs4 << 6) + (c & 0x3f);
 bytes--;
- } else if (bytes == 0) {
- if (freeit)
- free(nm);
- return (EILSEQ);
- }
+ } else if (bytes == 0)
+ goto ilseq;
 }
 if (bytes == 0) {
- if (ucs4 > 0xffff) {
- if (freeit)
- free(nm);
- return (EILSEQ);
- }
+ if (ucs4 > 0xffff)
+ goto ilseq;
 *nm++ = (efi_char)ucs4;
 sz -= 2;
 }
 }
 if (sz < 2) {
- if (freeit)
+ if (freeit) {
 free(nm);
+ *nmp = NULL;
+ }
 return (EDOOFUS);
 }
 sz -= 2;
 *nm = 0;
 *len -= sz;
 return (0);
+ilseq:
+ if (freeit) {
+ free(nm);
+ *nmp = NULL;
+ }
+ return (EILSEQ);
 }
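Review bot: The EOVERFLOW return in ucs2_to_utf8 sits before `*cp++ = '\0';`, so when the buffer was supplied by the caller (apparently the case where `freeit` is false) it comes back without a terminating NUL and `*name` still points at it; only a buffer allocated here is freed and cleared. That asymmetry deserves a comment at the return, for example `/* A caller-supplied *name is left as is, without a terminating NUL; only our own allocation is freed and cleared. */`. The body of ucs2_to_utf8 starts and ends outside this hunk, so how `freeit` is set is not visible here.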
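Review bot: `free(nm)` under the new `ilseq:` label, and in the `sz < 2` branch, is handed a pointer that the loop has already advanced with `*nm++ = (efi_char)ucs4;`, so once one character has been stored it no longer points at the start of the buffer. If `nm` begins as the allocation stored in `*nmp` (the allocation is outside the hunk), that passes an interior pointer to free(), which is undefined behaviour and can corrupt allocator state on malformed input. Freeing through the base pointer avoids it: `free(*nmp);` followed by `*nmp = NULL;` in both places. The `goto ilseq` sites added in the earlier utf8_to_ucs2 hunk reach the same label, and the start of the function lies outside the hunk.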