| Message ID | 20260416023021.626949-34-sjg@u-boot.org |
|---|---|
| State | New |
| Headers |
Return-Path: <concept-bounces+u-boot-concept=u-boot.org@u-boot.org> X-Original-To: u-boot-concept@u-boot.org Delivered-To: u-boot-concept@u-boot.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org; s=default; t=1776306691; bh=E5pGdFQd2vKDxs2BB8dSDfQ1ZCfDp+0UwGflN/d4KCQ=; h=From:To:Date:In-Reply-To:References:CC:Subject:List-Id: List-Archive:List-Help:List-Owner:List-Post:List-Subscribe: List-Unsubscribe:From; b=hRbDBhDadzVSfQv6sGc7n5QsBPGki/DBSZMADPlKP3tOD1L/kVm2pIsyu1A4aMZPX vOZ4lf5vW+EjxcLSx6VsA09u6uaFPFam91jzQKsnSR/rq/YV/w4rtoJSoFyNWFF0eJ JEn5EJXulqH55rWzov0icm7NGguc9zRaxJkReh0Q= Received: from localhost (localhost [127.0.0.1]) by mail.u-boot.org (Postfix) with ESMTP id CC2B86A4AE for <u-boot-concept@u-boot.org>; Wed, 15 Apr 2026 20:31:31 -0600 (MDT) X-Virus-Scanned: Debian amavis at Received: from mail.u-boot.org ([127.0.0.1]) by localhost (mail.u-boot.org [127.0.0.1]) (amavis, port 10024) with ESMTP id i4oWArDtG0iz for <u-boot-concept@u-boot.org>; Wed, 15 Apr 2026 20:31:31 -0600 (MDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org; s=default; t=1776306690; bh=E5pGdFQd2vKDxs2BB8dSDfQ1ZCfDp+0UwGflN/d4KCQ=; h=From:To:Date:In-Reply-To:References:CC:Subject:List-Id: List-Archive:List-Help:List-Owner:List-Post:List-Subscribe: List-Unsubscribe:From; b=AziYjCzNXTD3MRsBYdZnAHX5n0mO8LosEPKjm6yf8Efuc8CANCxmD1naiQ3UA5+Gx FbIsHQ1NELAmIOCH9rF6GCIvOO8OiF2b0FpsR8eOiOu2D5P3b37EgLipM6kw5VzG2i lB32A6tKRETN17Y0uasjsrsHqGUA9cEdE0jW5uAw= Received: from mail.u-boot.org (localhost [127.0.0.1]) by mail.u-boot.org (Postfix) with ESMTP id 0C7C86A4BC for <u-boot-concept@u-boot.org>; Wed, 15 Apr 2026 20:31:30 -0600 (MDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org; s=default; t=1776306686; bh=xhZAgdT0NEWzEbfRPwPztGM+/Q1pSK88toHYy1yDYbU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=EuaAAQUNtOrUpPS0Q9TYIpR6aRqiWKv5GNusDEROAuz8UlZrIv0bsRYPbwYz5RH/t YIXZYSXVxEIpVenLa5YMQZZKAmJB/G6/frccL6rBROueRCCzzojQUlPYa/un3UjWKx NIvWTjwDCfpMLAQ+f7+1dQLFU/o5xKCQQOYPz9BE= Received: from localhost (localhost [127.0.0.1]) by mail.u-boot.org (Postfix) with ESMTP id 77ADA6A4DC; Wed, 15 Apr 2026 20:31:26 -0600 (MDT) X-Virus-Scanned: Debian amavis at Received: from mail.u-boot.org ([127.0.0.1]) by localhost (mail.u-boot.org [127.0.0.1]) (amavis, port 10026) with ESMTP id srL9FE2HzRPi; Wed, 15 Apr 2026 20:31:26 -0600 (MDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org; s=default; t=1776306684; bh=+4OXnGcg9HFb9HHs8LdTv1H/hAUw6RTkNVlEN9vXiwg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Bsp28H7wfE/7IFX2uod2fS9cgi7pr1MX4ihXe5wEsFuZ8P/XK6V2LFEYWMeD1nSxI m20gU5BFcnlVo6q3Obu83ehTzQQhjnnjca/ucMN/BDLo/Oy94gyK9WBbjFu/8AjzGb JSGEa8LI4AjCsT0tDJ10nWnG9jAka6p9tSaC/Eb8= Received: from u-boot.org (unknown [73.34.74.121]) by mail.u-boot.org (Postfix) with ESMTPSA id 13AB66A4B8; Wed, 15 Apr 2026 20:31:24 -0600 (MDT) From: Simon Glass <sjg@u-boot.org> To: U-Boot Concept <concept@u-boot.org> Date: Wed, 15 Apr 2026 20:29:58 -0600 Message-ID: <20260416023021.626949-34-sjg@u-boot.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260416023021.626949-1-sjg@u-boot.org> References: <20260416023021.626949-1-sjg@u-boot.org> MIME-Version: 1.0 Message-ID-Hash: D6GJCLONBOPOP7IOLWDXVX2BIGVDT5XJ X-Message-ID-Hash: D6GJCLONBOPOP7IOLWDXVX2BIGVDT5XJ X-MailFrom: sjg@u-boot.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: Simon Glass <sjg@chromium.org> X-Mailman-Version: 3.3.10 Precedence: list Subject: [Concept] [PATCH 33/33] test: Clear bootstd cur_bootflow after each test List-Id: Discussion and patches related to U-Boot Concept <concept.u-boot.org> Archived-At: <https://lists.u-boot.org/archives/list/concept@u-boot.org/message/D6GJCLONBOPOP7IOLWDXVX2BIGVDT5XJ/> List-Archive: <https://lists.u-boot.org/archives/list/concept@u-boot.org/> List-Help: <mailto:concept-request@u-boot.org?subject=help> List-Owner: <mailto:concept-owner@u-boot.org> List-Post: <mailto:concept@u-boot.org> List-Subscribe: <mailto:concept-join@u-boot.org> List-Unsubscribe: <mailto:concept-leave@u-boot.org> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit |
| Series |
Fix memory leaks and test pollution in sandbox tests
|
|
Commit Message
Simon Glass
April 16, 2026, 2:29 a.m. UTC
From: Simon Glass <sjg@chromium.org> bootflow_efi and similar tests run 'bootflow select N', which stores a pointer to an entry of std->bootflows in std->cur_bootflow. The bootflow alist holds its elements in one allocated buffer and reallocs that buffer (dropping the old one, which mcheck flood-fills with 0xf5) when the list grows. A later test can then re-grow the alist, leaving cur_bootflow dangling. ut_measurement_measure hits this: env_set("bootargs", ...) fires the on_bootargs callback which reads std->cur_bootflow, tries to free bflow->cmdline, and segfaults on the flood-filled pointer. Reset cur_bootflow to NULL in test_post_run() so no test leaves a dangling reference behind. on_bootargs already returns early when cur_bootflow is NULL, so the callback becomes a no-op instead of a use-after-free. Signed-off-by: Simon Glass <sjg@chromium.org> --- test/test-main.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+)
diff --git a/test/test-main.c b/test/test-main.c index fc66b2af0d0..a8ec76ab8ad 100644 --- a/test/test-main.c +++ b/test/test-main.c @@ -8,6 +8,7 @@ #include <blk.h> #include <bootstage.h> +#include <bootstd.h> #include <console.h> #include <cyclic.h> #include <dm.h> @@ -608,9 +609,24 @@ static int test_pre_run(struct unit_test_state *uts, struct unit_test *test) */ static int test_post_run(struct unit_test_state *uts, struct unit_test *test) { + struct bootstd_priv *std; + ut_unsilence_console(uts); if (test->flags & UTF_DM) ut_assertok(dm_test_post_run(uts)); + + /* + * Drop any reference to the currently selected bootflow. The bootflow + * may be inside an alist buffer that a later test re-grows (and + * therefore frees); leaving the pointer behind turns the on_bootargs + * env callback into a use-after-free. + */ + if (CONFIG_IS_ENABLED(BOOTSTD)) { + std = bootstd_try_priv(); + if (std) + std->cur_bootflow = NULL; + } + ut_assertok(cyclic_unregister_all()); ut_assertok(event_uninit());