Attention is currently required from: Felix Singer, Nico Huber, Paul Menzel, Angel Pons.
Utkarsh Verma has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/74128 )
Change subject: arch/x86/smbios: Avoid buffer overflows
Patch Set 4:
(2 comments)
File src/arch/x86/smbios.c:
https://review.coreboot.org/c/coreboot/+/74128/comment/108a8608_bc3cc956 PS4, Line 148: char string_buffer[15];
How exactly does reducing the buffer size avoid buffer overflows? It would only seem to make them mo […]
Yeah, this specific case would be fine I guess. I was updating the format specifiers for the snprintf calls, and I realized that the buffer didn't need to be that big, so I made that change.
As for the Coverity warning, I suspect `smbios_add_string` is triggering it, because `t->eos` is allocated indirectly and Coverity probably thinks that it is only a two-char buffer.
https://review.coreboot.org/c/coreboot/+/74128/comment/b31719c2_6dac2cb1 PS4, Line 552: static unsigned short cnt = 0;
Why change the type?
`buf` is only 8 bytes long, so `cnt` should not occupy more than 4 bytes. This would only be okay for a `uint8_t`.
So, it should actually be `static unsigned short short cnt`. It seems I probably need to update it.
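The sizing question raised in this thread (a fixed 8-byte `buf` filled by `snprintf` from a counter) can be checked mechanically. The following is an added example, not code from the coreboot change: the helper names, the `"LABEL"` prefix and the `"%s%x"` format are constructed assumptions. It computes the worst-case output size per counter type and detects truncation through the `snprintf` return value.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helpers for illustration; not coreboot code. The "LABEL" prefix
 * and the "%s%x" format are constructed sample values. */

/* Bytes (including the terminating NUL) needed to print prefix + max_value. */
static size_t needed_bytes(const char *prefix, unsigned int max_value)
{
	int n = snprintf(NULL, 0, "%s%x", prefix, max_value);
	return n < 0 ? 0 : (size_t)n + 1;
}

/* Format into a fixed buffer; 0 on success, -1 on error or truncation. */
static int checked_label(char *buf, size_t size, const char *prefix,
			 unsigned int value)
{
	int n = snprintf(buf, size, "%s%x", prefix, value);
	return (n < 0 || (size_t)n >= size) ? -1 : 0;
}

int main(void)
{
	char buf[8];
	const struct { const char *type; unsigned int max; } counters[] = {
		{ "uint8_t", UINT8_MAX },
		{ "unsigned short", USHRT_MAX },
		{ "unsigned int", UINT_MAX },
	};

	/* Worst case per counter type against the 8-byte buffer. */
	for (size_t i = 0; i < sizeof(counters) / sizeof(counters[0]); i++) {
		size_t need = needed_bytes("LABEL", counters[i].max);
		printf("%-14s needs %2zu bytes: %s\n", counters[i].type, need,
		       need <= sizeof(buf) ? "fits" : "would truncate");
	}

	/* snprintf never writes past size, but a truncated label is still a bug. */
	if (checked_label(buf, sizeof(buf), "LABEL", 0x100) != 0)
		printf("0x100 truncated to \"%s\"\n", buf);
	return 0;
}
```

With a five-character prefix, only the 8-bit counter's worst case fits in 8 bytes. Wider types rely on `snprintf` silently truncating unless the return value is checked.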