abuf: Correct a corner case with abuf_realloc()

If the buffer is empty and not allocated, then abuf_realloc() tries to copy invalid data. This happens because an incorrect change to use memdup() was added after the original code was written. Signed-off-by: Simon Glass <sjg@chromium.org>
author: Simon Glass <sjg@chromium.org> 2022-02-28 12:08:22 -0700
committer: Tom Rini <trini@konsulko.com> 2022-04-06 14:01:42 -0400
commit: 99aca9efe10c005189b47160d178d18f14301c7e (patch)
tree: aeec82c199fce85b9d4bd59c40030b8039b40ce9 /lib/abuf.c
parent: 64aefc4800b7fb09d179ab1f0ede0363cff27856 (diff)
download: u-boot-99aca9efe10c005189b47160d178d18f14301c7e.zip
u-boot-99aca9efe10c005189b47160d178d18f14301c7e.tar.gz
u-boot-99aca9efe10c005189b47160d178d18f14301c7e.tar.bz2
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/abuf.c b/lib/abuf.c
index 4b17e0b..1635d58 100644
--- a/lib/abuf.c
+++ b/lib/abuf.c
@@ -51,9 +51,11 @@ bool abuf_realloc(struct abuf *abuf, size_t new_size)
 		/* not currently allocated and new size is larger. Alloc and
 		 * copy in data. The new space is not inited.
 		 */
-		ptr = memdup(abuf->data, new_size);
+		ptr = malloc(new_size);
 		if (!ptr)
 			return false;
+		if (abuf->size)
+			memcpy(ptr, abuf->data, abuf->size);
 		abuf->data = ptr;
 		abuf->size = new_size;
 		abuf->alloced = true;
author	Simon Glass <sjg@chromium.org>	2022-02-28 12:08:22 -0700
committer	Tom Rini <trini@konsulko.com>	2022-04-06 14:01:42 -0400
commit	99aca9efe10c005189b47160d178d18f14301c7e (patch)
tree	aeec82c199fce85b9d4bd59c40030b8039b40ce9 /lib/abuf.c
parent	64aefc4800b7fb09d179ab1f0ede0363cff27856 (diff)
download	u-boot-99aca9efe10c005189b47160d178d18f14301c7e.zip u-boot-99aca9efe10c005189b47160d178d18f14301c7e.tar.gz u-boot-99aca9efe10c005189b47160d178d18f14301c7e.tar.bz2