57 lines
2.0 KiB
Diff
57 lines
2.0 KiB
Diff
From f22f408956bf02609a96b7d72fb3321da159bfc6 Mon Sep 17 00:00:00 2001
|
|
From: Nico Huber <nico.huber@secunet.com>
|
|
Date: Tue, 22 Jun 2021 13:49:44 +0000
|
|
Subject: [PATCH 1/1] cbfstool: Make use of spurious null-termination
|
|
|
|
The null-termination of `filetypes` was added after the code was
|
|
written, obviously resulting in NULL dereferences. As some more
|
|
code has grown around the termination, it's hard to revert the
|
|
regression, so let's update the code that still used the array
|
|
length.
|
|
|
|
This fixes commit 7f5f9331d1 (util/cbfstool: fix buffer over-read)
|
|
which actually did fix something, but only one path while it broke
|
|
two others. We should be careful with fixes, they can always break
|
|
something else. Especially when a dumb tool triggered the patching
|
|
it seems likely that fewer people looked into related code.
|
|
|
|
Change-Id: If2ece1f5ad62952ed2e57769702e318ba5468f0c
|
|
Signed-off-by: Nico Huber <nico.huber@secunet.com>
|
|
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55763
|
|
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
|
|
Reviewed-by: Julius Werner <jwerner@chromium.org>
|
|
---
|
|
util/cbfstool/common.c | 8 ++++----
|
|
1 file changed, 4 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/util/cbfstool/common.c b/util/cbfstool/common.c
|
|
index e2ed38ffc4..539d0baccf 100644
|
|
--- a/util/cbfstool/common.c
|
|
+++ b/util/cbfstool/common.c
|
|
@@ -168,10 +168,10 @@ void print_supported_architectures(void)
|
|
|
|
void print_supported_filetypes(void)
|
|
{
|
|
- int i, number = ARRAY_SIZE(filetypes);
|
|
+ int i;
|
|
|
|
- for (i=0; i<number; i++) {
|
|
- printf(" %s%c", filetypes[i].name, (i==(number-1))?'\n':',');
|
|
+ for (i=0; filetypes[i].name; i++) {
|
|
+ printf(" %s%c", filetypes[i].name, filetypes[i + 1].name ? ',' : '\n');
|
|
if ((i%8) == 7)
|
|
printf("\n");
|
|
}
|
|
@@ -180,7 +180,7 @@ void print_supported_filetypes(void)
|
|
uint64_t intfiletype(const char *name)
|
|
{
|
|
size_t i;
|
|
- for (i = 0; i < (sizeof(filetypes) / sizeof(struct typedesc_t)); i++)
|
|
+ for (i = 0; filetypes[i].name; i++)
|
|
if (strcmp(filetypes[i].name, name) == 0)
|
|
return filetypes[i].type;
|
|
return -1;
|
|
--
|
|
2.39.2
|
|
|