cmd: gpt: Fix freeing gpt_pte in gpt_verify()

In case when either gpt_verify_headers() or gpt_verify_partitions()
fails, the memory allocated for gpt_pte will be freed in those functions
internally, but gpt_pte will still contain non-NULL dangling pointer.
The attempt to free it in those cases in gpt_verify() leads to "use
after free" error, which leads to a "Synchronous abort" exception.

This issue was found by running the next command on the device with
incorrect partition table:

    => gpt verify mmc 0 $partitions

which results to:

    No partition list provided - only basic check
    "Synchronous Abort" handler, esr 0x96000021, far 0xba247bff
    ....

Fix the issue by only freeing gpt_pte if none of those functions failed.

Fixes: bbb9ffac6066 ("gpt: command: Extend gpt command to support GPT table verification")
Signed-off-by: Sam Protsenko <semen.protsenko@linaro.org>

1 files changed, 2 insertions, 1 deletions

diff --git a/cmd/gpt.c b/cmd/gpt.c
index 36b112d597..aeabd19dd7 100644
--- a/cmd/gpt.c
+++ b/cmd/gpt.c
@@ -682,7 +682,8 @@ static int gpt_verify(struct blk_desc *blk_dev_desc, const char *str_part)
 	free(str_disk_guid);
 	free(partitions);
  out:
-	free(gpt_pte);
+	if (!ret)
+		free(gpt_pte);
 	return ret;
 }