[coreboot-gerrit] Change in ...coreboot[master]: src/driver/vpd: Check decoded content length before invoking callback

Hung-Te Lin has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/33016 )

Change subject: src/driver/vpd: Check decoded content length before invoking callback ......................................................................

Patch Set 2:

(3 comments)

https://review.coreboot.org/#/c/33016/2/src/drivers/vpd/lib_vpd.c File src/drivers/vpd/lib_vpd.c:

https://review.coreboot.org/#/c/33016/2/src/drivers/vpd/lib_vpd.c@82 PS2, Line 82: <=

Just wondering, is there any good reason for key_len to be signed?

no, I think it's just because the library was created in that way...

https://review.coreboot.org/#/c/33016/2/src/drivers/vpd/lib_vpd.c@83 PS2, Line 83: decoded_len

If decoded_len is signed, we might also want to fail on decoded_len < 0 here?

decode_len is almost impossible to be <0 since it's the accumulated value by looping within max_len. Since max_len is signed then decoded_len will never be over range of signed.

https://review.coreboot.org/#/c/33016/2/src/drivers/vpd/lib_vpd.c@96 PS2, Line 96: >

Why is this >= above, but > here?

because key_len >= 1 while value_len >= 0.