Joel Kitching has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/33016 )
Change subject: src/driver/vpd: Check decoded content length before invoking callback ......................................................................
Patch Set 2:
(3 comments)
https://review.coreboot.org/#/c/33016/2/src/drivers/vpd/lib_vpd.c File src/drivers/vpd/lib_vpd.c:
https://review.coreboot.org/#/c/33016/2/src/drivers/vpd/lib_vpd.c@82 PS2, Line 82: <= Just wondering, is there any good reason for key_len to be signed?
https://review.coreboot.org/#/c/33016/2/src/drivers/vpd/lib_vpd.c@83 PS2, Line 83: decoded_len If decoded_len is signed, we might also want to fail on decoded_len < 0 here?
https://review.coreboot.org/#/c/33016/2/src/drivers/vpd/lib_vpd.c@96 PS2, Line 96: > Why is this >= above, but > here?