Commit 0e3f3f8a authored by Steven Falco's avatar Steven Falco Committed by Tom Rini

Prevent null pointer dereference originating in cmd_pxe.c

Pass a valid cmdtp into do_tftpb(), do_ext2load(), and do_get_fat(), to
avoid possible crashes due to null pointer dereferencing.

Commit d7884e04 does not go far enough.
There is still at least one call chain that can result in a crash.

The do_tftpb(), do_ext2load(), and do_get_fat() functions expect a valid
cmdtp.  Passing in NULL is particularly bad in the do_tftpb() case,
because eventually boot_get_kernel() will be called with a NULL cmdtp:

do_tftpb() -> netboot_common() -> bootm_maybe_autostart() -> do_bootm()
-> do_bootm_states() -> bootm_find_os() -> boot_get_kernel()

Around line 991 in cmd_bootm.c, boot_get_kernel() will dereference the
null pointer, and the board will crash.
Signed-off-by: default avatarSteven A. Falco <>
parent 16641d52
This diff is collapsed.
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment