Nico Huber has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/55763 )
Change subject: cbfstool: Make use of spurious null-termination
cbfstool: Make use of spurious null-termination
The null-termination of `filetypes` was added after the code was written, obviously resulting in NULL dereferences. As some more code has grown around the termination, it's hard to revert the regression, so let's update the code that still used the array length.
This fixes commit 7f5f9331d1 (util/cbfstool: fix buffer over-read) which actually did fix something, but only one path while it broke two others. I hope it can teach us not to merge patches just because they pretend to fix something. Especially when a dumb tool told us to!
Change-Id: If2ece1f5ad62952ed2e57769702e318ba5468f0c
Signed-off-by: Nico Huber <nico.huber@secunet.com>
---
M util/cbfstool/common.c
1 file changed, 4 insertions(+), 4 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/63/55763/1
diff --git a/util/cbfstool/common.c b/util/cbfstool/common.c index e2ed38f..539d0ba 100644 --- a/util/cbfstool/common.c +++ b/util/cbfstool/common.c @@ -168,10 +168,10 @@
void print_supported_filetypes(void) { - int i, number = ARRAY_SIZE(filetypes); + int i;
- for (i=0; i<number; i++) { - printf(" %s%c", filetypes[i].name, (i==(number-1))?'\n':','); + for (i=0; filetypes[i].name; i++) { + printf(" %s%c", filetypes[i].name, filetypes[i + 1].name ? ',' : '\n'); if ((i%8) == 7) printf("\n"); } @@ -180,7 +180,7 @@ uint64_t intfiletype(const char *name) { size_t i; - for (i = 0; i < (sizeof(filetypes) / sizeof(struct typedesc_t)); i++) + for (i = 0; filetypes[i].name; i++) if (strcmp(filetypes[i].name, name) == 0) return filetypes[i].type; return -1;
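Review bot: In print_supported_filetypes(), the new loop condition `filetypes[i].name` and the look-ahead `filetypes[i + 1].name` both depend on the array ending in an entry whose name is NULL, but nothing in the function states that requirement. A short comment above the loop saying that `filetypes` must stay NULL-terminated would keep a later cleanup from dropping the terminator and turning this loop into a read past the end of the array. Separately, when the last named entry lands on an index where `(i%8) == 7`, the '\n' separator and the wrap `printf("\n")` both fire and print an empty line; skipping the wrap when `filetypes[i + 1].name` is NULL avoids that.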
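Review bot: In intfiletype(), the `return -1` in the trailing context goes out through a `uint64_t` return type, so a failed lookup is reported as the largest 64-bit value and every caller has to compare against exactly that value to detect it. Since this hunk already rewrites the lookup loop, consider returning a named sentinel constant and documenting it at the function, so the not-found case cannot be mistaken for a valid type or missed by a caller that checks for a negative result.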