From 1547a4cb27f2569d552e2dc0746b904cb6dcc97b Mon Sep 17 00:00:00 2001
From: Tw
Date: Mon, 2 Sep 2019 13:44:08 +0800
Subject: [PATCH] efi-stub: fix stack memory free issue

Because of this commit:
commit 63e258bd01308d0fb262361145c90d3d0ae10dbf
Author: Tianhua Sun
Date: Wed Jul 17 14:33:47 2019 +0800
efi-stub: update string operation in efi-stub
Remove unsafe API in efi-stub
1, use Strnlen instead of StrLen except the parameter is a static string.
2, strlen() only work on static strings.
Tracked-On: #3276
Signed-off-by: Tianhua Sun
Reviewed-by: Yonghua Huang

In the default case, bootloader_name will be point to a separate ro section which hold the constant string, free this memory later will cause undefined behavior (memory corruption, exception and so on).
Tracked-On: #3644
Signed-off-by: Tw
Reviewed-by: Jack Ren
---
 misc/efi-stub/boot.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/misc/efi-stub/boot.c b/misc/efi-stub/boot.c
index 9e21e409b..0ff725eda 100644
--- a/misc/efi-stub/boot.c
+++ b/misc/efi-stub/boot.c
@@ -420,7 +420,7 @@ efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *_table)
 err = get_pe_section(info->ImageBase, section, strlen(section), &sec_addr, &sec_size);
 if (EFI_ERROR(err)) {
 Print(L"Unable to locate section of ACRNHV %r ", err);
-goto failed;
+goto free_args;
 }
 /* without relocateion enabled, hypervisor binary need to reside in
@@ -436,14 +436,14 @@ efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *_table)
 err = emalloc_fixed_addr(&hv_hpa, CONFIG_HV_RAM_SIZE, CONFIG_HV_RAM_START);
 #endif
 if (err != EFI_SUCCESS)
-goto failed;
+goto free_args;
 memcpy((char *)hv_hpa, info->ImageBase + sec_addr, sec_size);
 /* load hypervisor and begin to run on it */
 err = switch_to_guest_mode(image, hv_hpa);
 if (err != EFI_SUCCESS)
-goto failed;
+goto free_args;
 /*
 * enable all AP here will reset all APs,
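Review bot: The `memcpy((char *)hv_hpa, info->ImageBase + sec_addr, sec_size)` in the second hunk copies `sec_size` bytes into a region that the visible `emalloc_fixed_addr` call sized with `CONFIG_HV_RAM_SIZE`, yet nothing in the hunk compares the two, so a section larger than the reserved range would overrun it. Unless `get_pe_section` already bounds `sec_size` (its body is outside these hunks), a guard placed before the memcpy, `if (sec_size > CONFIG_HV_RAM_SIZE) { err = EFI_BUFFER_TOO_SMALL; goto free_args; }`, would reuse the cleanup path this commit establishes. The allocation in the `#ifdef` branch above the hunk is not visible, so the same check may need to cover that size as well. efi_main begins before the first hunk and continues past the second.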
@@ -456,7 +456,7 @@ efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *_table)
 if (!path)
 goto free_args;
-FreePool(bootloader_name);
+FreePool(cmdline16);
 err = uefi_call_wrapper(boot->LoadImage, 6, FALSE, image, path, NULL, 0, &bootloader_image);
@@ -476,7 +476,7 @@ efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *_table)
 return EFI_SUCCESS;
 free_args:
-FreePool(bootloader_name);
+FreePool(cmdline16);
 failed:
 /*
 * We need to be careful not to trash 'err' here. If we fail
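Review bot: `FreePool(cmdline16)` in the `@@ -456` hunk leaves `cmdline16` dangling while the `free_args:` label in the `@@ -476` hunk frees it again, so any later failure path that jumps to `free_args` instead of `failed` (those lines are outside the hunks) would double-free the buffer. Clearing the pointer after the early free, `FreePool(cmdline16); cmdline16 = NULL;`, and guarding the label, `if (cmdline16) FreePool(cmdline16);`, removes the dependency on which label the code between the two hunks uses. Separately, the commit drops every release of `bootloader_name`; if it is still heap-allocated in the non-default case (its assignment is outside the hunks), that allocation now leaks, and a short comment at `free_args:` stating that `bootloader_name` may alias a constant string and must not be freed would keep the next maintainer from re-adding the call. efi_main begins before the first hunk and ends after the last.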