Martin Roth has submitted this change and it was merged. ( https://review.coreboot.org/c/coreboot/+/33962 )
Change subject: arch/x86: Use ssize_t to store length ......................................................................
arch/x86: Use ssize_t to store length
size_t is the wrong type to store the return value of acpi_device_path_fill(), since any negative error values will be converted to a very large unsigned integer and potentially cause buffer overflow.
Change-Id: Ia8ed62ecfac8eaa18a61545bd203b3c7a7cd9ca5 Signed-off-by: Jacob Garber jgarber1@ualberta.ca Found-by: Coverity CID 1402095 Reviewed-on: https://review.coreboot.org/c/coreboot/+/33962 Tested-by: build bot (Jenkins) no-reply@coreboot.org Reviewed-by: HAOUAS Elyes ehaouas@noos.fr Reviewed-by: Paul Menzel paulepanter@users.sourceforge.net --- M src/arch/x86/acpi_device.c 1 file changed, 1 insertion(+), 1 deletion(-)
Approvals: build bot (Jenkins): Verified Paul Menzel: Looks good to me, but someone else must approve HAOUAS Elyes: Looks good to me, approved
diff --git a/src/arch/x86/acpi_device.c b/src/arch/x86/acpi_device.c index 57fbc89..0fb8f3b 100644 --- a/src/arch/x86/acpi_device.c +++ b/src/arch/x86/acpi_device.c @@ -148,7 +148,7 @@ const char *acpi_device_path_join(struct device *dev, const char *name) { static char buf[DEVICE_PATH_MAX] = {}; - size_t len; + ssize_t len;
if (!dev) return NULL;