[coreboot-gerrit] New patch to review for coreboot: b4fc4fd libpayload/options: Fix out of array read.
Vladimir Serbinenko (phcoder@gmail.com)
gerrit at coreboot.org
Wed Jan 15 22:19:42 CET 2014
Vladimir Serbinenko (phcoder at gmail.com) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/4691
-gerrit
commit b4fc4fdbc1047201e70bae82b6491fa0b2d2d9d6
Author: Vladimir Serbinenko <phcoder at gmail.com>
Date: Wed Jan 15 22:06:56 2014 +0100
libpayload/options: Fix out of array read.
It resulted in garbage in upper bytes of numeric options.
Change-Id: I5e5d8b770ed93c7e8a1756a5ce32444b6a045bac
Signed-off-by: Vladimir Serbinenko <phcoder at gmail.com>
---
payloads/libpayload/drivers/options.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/payloads/libpayload/drivers/options.c b/payloads/libpayload/drivers/options.c
index d497c0a..70c2b17 100644
--- a/payloads/libpayload/drivers/options.c
+++ b/payloads/libpayload/drivers/options.c
@@ -310,6 +310,10 @@ int get_option_as_string(const struct nvram_accessor *nvram, struct cb_cmos_opti
return 1;
int cmos_length = (cmos_entry->length+7)/8;
+ /* ensure we have enough space for u64 */
+ if (cmos_length < 8)
+ cmos_length = 8;
+
/* extra byte to ensure 0-terminated strings */
raw = malloc(cmos_length+1);
memset(raw, 0, cmos_length+1);
More information about the coreboot-gerrit
mailing list