Martin Roth merged this change.
arch/x86: Use ssize_t to store length
size_t is the wrong type to store the return value of
acpi_device_path_fill(), since any negative error values will be
converted to a very large unsigned integer and potentially cause
buffer overflow.
Change-Id: Ia8ed62ecfac8eaa18a61545bd203b3c7a7cd9ca5
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Found-by: Coverity CID 1402095
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33962
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: HAOUAS Elyes <ehaouas@noos.fr>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
---
M src/arch/x86/acpi_device.c
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/arch/x86/acpi_device.c b/src/arch/x86/acpi_device.c
index 57fbc89..0fb8f3b 100644
--- a/src/arch/x86/acpi_device.c
+++ b/src/arch/x86/acpi_device.c
@@ -148,7 +148,7 @@
const char *acpi_device_path_join(struct device *dev, const char *name)
{
static char buf[DEVICE_PATH_MAX] = {};
- size_t len;
+ ssize_t len;
if (!dev)
return NULL;
To view, visit change 33962. To unsubscribe, or for help writing mail filters, visit settings.