From 2f79d0c3b32660b25bd9c89e7f9474c92f86c644 Mon Sep 17 00:00:00 2001
From: topjohnwu
Date: Sun, 31 Dec 2017 19:30:56 +0800
Subject: [PATCH] Fix segfault while patching dtb
---
 core/jni/magiskboot/dtb.c | 13 +++++++++++--
 core/jni/utils/pattern.c | 6 ++++--
 2 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/core/jni/magiskboot/dtb.c b/core/jni/magiskboot/dtb.c
index c1106d826..37e52d892 100644
--- a/core/jni/magiskboot/dtb.c
+++ b/core/jni/magiskboot/dtb.c
@@ -78,8 +78,17 @@ static void dtb_patch(const char *file, int patch) {
 fdt_for_each_subnode(block, fdt, fstab) {
 fprintf(stderr, "Found block [%s] in fstab\n", fdt_get_name(fdt, block, NULL));
 uint32_t value_size;
- void *value = (char *) fdt_getprop(fdt, block, "fsmgr_flags", &value_size);
- found |= patch_verity(&value, &value_size, patch);
+ void *value = (void *) fdt_getprop(fdt, block, "fsmgr_flags", &value_size);
+ if (patch) {
+ void *dup = xmalloc(value_size);
+ memcpy(dup, value, value_size);
+ memset(value, 0, value_size);
+ found |= patch_verity(&dup, &value_size, 1);
+ memcpy(value, dup, value_size);
+ free(dup);
+ } else {
+ found |= patch_verity(&value, &value_size, 0);
+ }
 }
 }
 }
diff --git a/core/jni/utils/pattern.c b/core/jni/utils/pattern.c
index a3209146e..f69a3630a 100644
--- a/core/jni/utils/pattern.c
+++ b/core/jni/utils/pattern.c
@@ -72,8 +72,10 @@ int patch_verity(void **buf, uint32_t *size, int patch) {
 if (patch) patched[write] = src[read];
 }
 }
- free(*buf);
- *buf = patched;
+ if (patch) {
+ free(*buf);
+ *buf = patched;
+ }
 return 0;
 }
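Review bot: The new `if (patch)` branch in dtb_patch uses `value` and `value_size` without checking that `fdt_getprop` actually found `fsmgr_flags`; when an fstab entry lacks that property libfdt returns NULL and stores a negative error code through the length pointer, which a `uint32_t` reads as a huge length, so `xmalloc`, `memcpy` and `memset` on the added lines run on a NULL pointer — the same class of crash the commit is fixing. Guard before either branch with `if (value == NULL) continue;` directly after the `fdt_getprop` line (`fdt_for_each_subnode` is a `for`-style macro, so `continue` advances to the next subnode). The `&value_size` argument is a `uint32_t *` where libfdt's `fdt_getprop` expects an `int *`; that is pre-existing, but it is what makes the error code unrecognisable here, so it is worth fixing alongside. A why-comment on the `memset` line would help the next reader, e.g. `// patch in place: the flags string only ever shrinks, so clear the property and copy the patched bytes back over it`. dtb_patch begins before this hunk.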
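Review bot: With the new `if (patch)` guard around `free(*buf); *buf = patched;`, the `patched` buffer is never handed back when `patch == 0`, so if it is heap-allocated above this hunk (it is written through `patched[write]`, so it is a writable buffer of some kind) every non-patching call now leaks it; either add `else free(patched);` after the new block or skip building `patched` entirely when `patch` is zero. The change also makes the ownership contract conditional, which should be documented on the function: describe in a header comment that when `patch` is non-zero `*buf` is freed and replaced by a newly allocated buffer the caller must free (and `*size` updated), while with `patch == 0` `*buf` is left untouched — this is exactly what the dtb.c caller now relies on when it passes `&dup` and later calls `free(dup)`. patch_verity begins before this hunk, so the allocation of `patched` is not visible here.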