[coreboot-gerrit] New patch to review for coreboot: 222a25b ifdtool: Provide bounds on string parser
Patrick Georgi (patrick@georgi-clan.de)
gerrit at coreboot.org
Sat Aug 9 17:13:28 CEST 2014
Patrick Georgi (patrick at georgi-clan.de) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/6562
-gerrit
commit 222a25bd891bd28c824b714b8a4f8239222a15a4
Author: Patrick Georgi <patrick at georgi-clan.de>
Date: Sat Aug 9 17:12:23 2014 +0200
ifdtool: Provide bounds on string parser
While the result will not be pretty (ie. ifdtool will
mis-parse string components longer than 255 characters),
at least it doesn't overflow stack variables anymore.
Change-Id: I263c5cf823a2d8a863dcece7c4ee0b26475f9fc4
Found-by: Coverity Scan
Signed-off-by: Patrick Georgi <patrick at georgi-clan.de>
---
util/ifdtool/ifdtool.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/util/ifdtool/ifdtool.c b/util/ifdtool/ifdtool.c
index c478550..625d650 100644
--- a/util/ifdtool/ifdtool.c
+++ b/util/ifdtool/ifdtool.c
@@ -761,7 +761,7 @@ void new_layout(char *filename, char *image, int size, char *layout_fname)
while (!feof(romlayout)) {
char *tstr1, *tstr2;
- if (2 != fscanf(romlayout, "%s %s\n", tempstr,
+ if (2 != fscanf(romlayout, "%255s %255s\n", tempstr,
layout_region_name))
continue;
More information about the coreboot-gerrit
mailing list