From patchwork Sat Mar 14 23:15:59 2026
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Simon Glass <sjg@u-boot.org>
X-Patchwork-Id: 1981
Return-Path: <concept-bounces+u-boot-concept=u-boot.org@u-boot.org>
X-Original-To: u-boot-concept@u-boot.org
Delivered-To: u-boot-concept@u-boot.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org;
	s=default; t=1773530266;
	bh=yc396pXtAOTJyahhOlbxFIzXFKDPUX8HZoP6LugTJnw=;
	h=From:To:Date:In-Reply-To:References:CC:Subject:List-Id:
	 List-Archive:List-Help:List-Owner:List-Post:List-Subscribe:
	 List-Unsubscribe:From;
	b=KD0uCFD62xe4oRxCZJC7WW4Fl+8rUaWbdrjWyPECYLfRYHigOlFW9irI4n/NHvDFI
	 WRAkK+Fj9C/AphJ0qn/zygxWC/oKRC1VhpxbfyIUfsgZV5Hs8dNReRKxu/fS8q6LYJ
	 a1VfoqfQI83G9RgYTkAopMosddSgZqtazrLt+nPZYDALY6gmtZFbomjSzNAd84il7u
	 5TCZ7eM12WOyqiJDsG/YXRnQrefRX13JHd9KKecXIxXvqVcOAZKHqA9FhFZQGxom9l
	 5IlR3tB86dFURoYzDnYOToi/0MvOHCz5W+OZcrmPn9OoKDgKBplWkxFTUTb5iVWH09
	 Raskex64o8NaQ==
Received: from localhost (localhost [127.0.0.1])
	by mail.u-boot.org (Postfix) with ESMTP id 9998F6A04F
	for <u-boot-concept@u-boot.org>; Sat, 14 Mar 2026 17:17:46 -0600 (MDT)
X-Virus-Scanned: Debian amavis at 
Received: from mail.u-boot.org ([127.0.0.1])
 by localhost (mail.u-boot.org [127.0.0.1]) (amavis, port 10024) with ESMTP
 id JujRS1nnMkGs for <u-boot-concept@u-boot.org>;
 Sat, 14 Mar 2026 17:17:46 -0600 (MDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org;
	s=default; t=1773530264;
	bh=yc396pXtAOTJyahhOlbxFIzXFKDPUX8HZoP6LugTJnw=;
	h=From:To:Date:In-Reply-To:References:CC:Subject:List-Id:
	 List-Archive:List-Help:List-Owner:List-Post:List-Subscribe:
	 List-Unsubscribe:From;
	b=RGauagIoq8OBAeEJDzZZ+bigb/x3AoCGAWuibDayb2SXuR6/UMaRD1l/QleajROkq
	 C0aPXKRObyxRaVolySrrvkVCR1DShQu48m/zPH6wIPHsda4UnIEIwncXa3kt7/jS7c
	 2UqePH8OstOHsGGazETnqUFOaAUTn7ykx9jfYXUBtX4LVWfBu7c0Q1Z4T94TZOC+k8
	 IN+iLUmtA4db8lezxDaOjBrTYURd99N84o/WxRHxdaty5P69My/14fk23/D9Utri03
	 jyRGzB8XGUZrRiVaaBdQsoS7Bu4Qpoel1qqgbMxeo8ZeQYPFgRV5M1CewndOB2w6TZ
	 VsTNlrcJRr0Yw==
Received: from mail.u-boot.org (localhost [127.0.0.1])
	by mail.u-boot.org (Postfix) with ESMTP id 429F86A031
	for <u-boot-concept@u-boot.org>; Sat, 14 Mar 2026 17:17:44 -0600 (MDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org;
	s=default; t=1773530261;
	bh=5F1GQMLNcdawiuv+Uy++o4zhjya8stifeJcThQ65Rh4=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=P1OWDsZQ1eXxWHgNVtSX2wwuWPFGn+yWy0S0tSQHn+UY6VVBM2BEgAF1/r+65dOyQ
	 jusPt6/xV790/FSOsuxzIGhIFyH4PeiJ7rM2x055GHqdT2QRRzjrG3bs+cWSDDyqRN
	 4iBHgX9Nefb/6lCsWtG3IuaPvm/zi7hAfmFKk9c0ZvkRgsfZC1mukDucBsHR95xMSY
	 IGtfNDkSvmAbr6tmrq4UbfNOlWWbxzQI/mc8e0dn8H1PwvP7BwZ4Z19kjdXwfcntwx
	 Tle8e4Mgllmbi3buedT6AOhnNJdSJms+FhPPM6TJ2gBYIcEdE/MLAsp0ccg37tKzu2
	 UQKdIuRYmtUgQ==
Received: from localhost (localhost [127.0.0.1])
	by mail.u-boot.org (Postfix) with ESMTP id CC2826A033;
	Sat, 14 Mar 2026 17:17:41 -0600 (MDT)
X-Virus-Scanned: Debian amavis at 
Received: from mail.u-boot.org ([127.0.0.1])
 by localhost (mail.u-boot.org [127.0.0.1]) (amavis, port 10026) with ESMTP
 id hnxeZJ3AbdFY; Sat, 14 Mar 2026 17:17:41 -0600 (MDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org;
	s=default; t=1773530254;
	bh=rK7ZTZzrp2N5/5TpwJhAUdd5bRRoefrN8zqxtXwhf2Q=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=Zw2Wtba5SGimQD7Q/7dmmt/Twt9sM6SqK3tbjEY8yxWSEcLxotsikucpfMueG8PDv
	 zYaYKO2/meOc0CaazS+8Ly2gl9dCJxNnWvVh8egHujR3Y0jIkL8apd7TQymn5ydkEB
	 JUJ6zEojWRcwmniMC7FhtV1rIDOSRKlsXrB1bRLq36DBGILysyYtT9+3q2Oyvx/N1N
	 aKVRUD+hJmlybVgNZeWDK+O3JzbqOmPt6jsBDm9H05FIfrREE188oi2p+aJmp5+UDQ
	 BsZgbnb8j6+kpNzG9RhjcyGcTUYxy6D9xVoqx8MLIHyQMdsXp4Z98r7VjtROf2Do1D
	 Fbu37CfmTqMkw==
Received: from u-boot.org (unknown [73.34.74.121])
	by mail.u-boot.org (Postfix) with ESMTPSA id 34D7D6A038;
	Sat, 14 Mar 2026 17:17:34 -0600 (MDT)
From: Simon Glass <sjg@u-boot.org>
To: U-Boot Concept <concept@u-boot.org>
Date: Sat, 14 Mar 2026 17:15:59 -0600
Message-ID: <20260314231618.338113-9-sjg@u-boot.org>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20260314231618.338113-1-sjg@u-boot.org>
References: <20260314231618.338113-1-sjg@u-boot.org>
MIME-Version: 1.0
Message-ID-Hash: A3EDTIGLGA3XVCAEXCJZAK7N5AZVFQPA
X-Message-ID-Hash: A3EDTIGLGA3XVCAEXCJZAK7N5AZVFQPA
X-MailFrom: sjg@u-boot.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop;
 banned-address; emergency; member-moderation; nonmember-moderation;
 administrivia; implicit-dest; max-recipients; max-size; news-moderation;
 no-subject; digests; suspicious-header
CC: Simon Glass <sjg@chromium.org>
X-Mailman-Version: 3.3.10
Precedence: list
Subject: [Concept] [PATCH 08/19] test: pxe: Fix dangling pointer in FDT env
 save/restore
List-Id: Discussion and patches related to U-Boot Concept <concept.u-boot.org>
Archived-At: 
 <https://lists.u-boot.org/archives/list/concept@u-boot.org/message/A3EDTIGLGA3XVCAEXCJZAK7N5AZVFQPA/>
List-Archive: <https://lists.u-boot.org/archives/list/concept@u-boot.org/>
List-Help: <mailto:concept-request@u-boot.org?subject=help>
List-Owner: <mailto:concept-owner@u-boot.org>
List-Post: <mailto:concept@u-boot.org>
List-Subscribe: <mailto:concept-join@u-boot.org>
List-Unsubscribe: <mailto:concept-leave@u-boot.org>

From: Simon Glass <sjg@chromium.org>

pxe_test_fdt_fallback() and pxe_test_alloc_norun() save the values
of fdt_addr and fdtcontroladdr using env_get(), which returns a
pointer into the environment hash table. When the variable is then
cleared with env_set(name, NULL), the hash entry is freed, leaving
the saved pointer dangling. Restoring from this pointer writes
corrupt data, breaking later tests like bootflow_efi that depend on
fdtcontroladdr

Fix by using strdup() to save env values. Extract the save/restore
logic into pxe_save_and_clear_fdt_env() and pxe_restore_fdt_env()
helpers shared by both tests.

Signed-off-by: Simon Glass <sjg@chromium.org>
---

 test/boot/pxe.c | 70 +++++++++++++++++++++++++++++++++++++++----------
 1 file changed, 56 insertions(+), 14 deletions(-)

diff --git a/test/boot/pxe.c b/test/boot/pxe.c
index cd831807b94..e691ceebc61 100644
--- a/test/boot/pxe.c
+++ b/test/boot/pxe.c
@@ -35,6 +35,56 @@
 #define PXE_ARG_FS_IMAGE	0	/* Path to filesystem image */
 #define PXE_ARG_CFG_PATH	1	/* Path to config file within image */
 
+/**
+ * struct pxe_env_save - saved FDT-related environment variables
+ *
+ * @fdt_addr: Saved fdt_addr value (strdup'd, or empty string if unset)
+ * @fdtcontroladdr: Saved fdtcontroladdr value (strdup'd, or empty)
+ */
+struct pxe_env_save {
+	char *fdt_addr;
+	char *fdtcontroladdr;
+};
+
+/**
+ * pxe_save_and_clear_fdt_env() - save and clear FDT env vars
+ *
+ * Saves the current values of fdt_addr and fdtcontroladdr, then clears
+ * them. The values are strdup'd since env_set() frees the old value,
+ * which would leave saved env_get() pointers dangling.
+ *
+ * @save: Struct to save into
+ * Return: 0 on success, -ENOMEM on allocation failure
+ */
+static int pxe_save_and_clear_fdt_env(struct pxe_env_save *save)
+{
+	save->fdt_addr = strdup(env_get("fdt_addr") ?: "");
+	save->fdtcontroladdr = strdup(env_get("fdtcontroladdr") ?: "");
+	if (!save->fdt_addr || !save->fdtcontroladdr) {
+		free(save->fdt_addr);
+		free(save->fdtcontroladdr);
+		return -ENOMEM;
+	}
+	env_set("fdt_addr", NULL);
+	env_set("fdtcontroladdr", NULL);
+
+	return 0;
+}
+
+/**
+ * pxe_restore_fdt_env() - restore FDT env vars from saved state
+ *
+ * @save: Struct with saved values (freed after restore)
+ */
+static void pxe_restore_fdt_env(struct pxe_env_save *save)
+{
+	env_set("fdt_addr", *save->fdt_addr ? save->fdt_addr : NULL);
+	env_set("fdtcontroladdr",
+		*save->fdtcontroladdr ? save->fdtcontroladdr : NULL);
+	free(save->fdt_addr);
+	free(save->fdtcontroladdr);
+}
+
 /* Memory address for loading files */
 #define PXE_LOAD_ADDR		0x01000000
 #define PXE_KERNEL_ADDR		0x02000000
@@ -967,8 +1017,8 @@ PXE_TEST_ARGS(pxe_test_ipappend_norun, UTF_CONSOLE | UTF_MANUAL | UTF_ETH_BOOTDE
  */
 static int pxe_test_fdt_fallback(struct unit_test_state *uts)
 {
-	const char *orig_fdt_addr, *orig_fdtcontroladdr;
 	ulong kern_addr = 0x1000000;
+	struct pxe_env_save save;
 	struct pxe_label label;
 	void *kern_buf;
 
@@ -980,10 +1030,7 @@ static int pxe_test_fdt_fallback(struct unit_test_state *uts)
 	memset(&label, '\0', sizeof(label));
 
 	/* Save and clear env vars (fdtcontroladdr is set by U-Boot) */
-	orig_fdt_addr = env_get("fdt_addr");
-	orig_fdtcontroladdr = env_get("fdtcontroladdr");
-	ut_assertok(env_set("fdt_addr", NULL));
-	ut_assertok(env_set("fdtcontroladdr", NULL));
+	ut_assertok(pxe_save_and_clear_fdt_env(&save));
 
 	/* Test 1: No fallback env vars set - should return NULL */
 	ut_assertnull(pxe_get_fdt_fallback(&label, kern_addr));
@@ -1001,8 +1048,7 @@ static int pxe_test_fdt_fallback(struct unit_test_state *uts)
 	ut_asserteq_str("3000000", pxe_get_fdt_fallback(&label, kern_addr));
 
 	/* Restore env vars */
-	ut_assertok(env_set("fdt_addr", orig_fdt_addr));
-	ut_assertok(env_set("fdtcontroladdr", orig_fdtcontroladdr));
+	pxe_restore_fdt_env(&save);
 
 	return 0;
 }
@@ -1144,10 +1190,10 @@ static int pxe_alloc_getfile(struct pxe_context *ctx, const char *file_path,
  */
 static int pxe_test_alloc_norun(struct unit_test_state *uts)
 {
-	const char *orig_fdt_addr, *orig_fdtcontroladdr;
 	const char *fs_image = ut_str(PXE_ARG_FS_IMAGE);
 	const char *cfg_path = ut_str(PXE_ARG_CFG_PATH);
 	struct pxe_alloc_info info;
+	struct pxe_env_save save;
 	struct pxe_context ctx;
 	ulong addr;
 	int ret;
@@ -1162,10 +1208,7 @@ static int pxe_test_alloc_norun(struct unit_test_state *uts)
 	ut_assertok(run_commandf("host bind 0 %s", fs_image));
 
 	/* Save and clear FDT fallback env vars (fdtcontroladdr is set at boot) */
-	orig_fdt_addr = env_get("fdt_addr");
-	orig_fdtcontroladdr = env_get("fdtcontroladdr");
-	ut_assertok(env_set("fdt_addr", NULL));
-	ut_assertok(env_set("fdtcontroladdr", NULL));
+	ut_assertok(pxe_save_and_clear_fdt_env(&save));
 
 	/* Ensure address env vars are NOT set */
 	ut_assertok(env_set("kernel_addr_r", NULL));
@@ -1238,8 +1281,7 @@ static int pxe_test_alloc_norun(struct unit_test_state *uts)
 	pxe_menu_uninit(ctx.cfg);
 	pxe_destroy_ctx(&ctx);
 	ut_assertok(env_set("pxe_timeout", NULL));
-	ut_assertok(env_set("fdt_addr", orig_fdt_addr));
-	ut_assertok(env_set("fdtcontroladdr", orig_fdtcontroladdr));
+	pxe_restore_fdt_env(&save);
 
 	return 0;
 }