Hello Paul Menzel, Michael Niewöhner,
I'd like you to do a code review. Please visit
https://review.coreboot.org/c/coreboot/+/48074
to review the following change.
Change subject: spi/flashconsole: Fix internal buffer overflow ......................................................................
spi/flashconsole: Fix internal buffer overflow
Once the console's FMAP region is full, we stop clearing the line buffer and `line_offset` is not reset anymore. Hence, sanity check `line_offset` everytime before writing to the buffer.
Change-Id: I36e9037d7baf8c1ed8b2d0c120bfffa58c089c95 Signed-off-by: Nico Huber nico.huber@secunet.com --- M src/drivers/spi/flashconsole.c 1 file changed, 2 insertions(+), 1 deletion(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/74/48074/1
diff --git a/src/drivers/spi/flashconsole.c b/src/drivers/spi/flashconsole.c index 654177f..d5c4382 100644 --- a/src/drivers/spi/flashconsole.c +++ b/src/drivers/spi/flashconsole.c @@ -75,7 +75,8 @@
size_t region_size = region_device_sz(rdev_ptr);
- line_buffer[line_offset++] = c; + if (line_offset < LINE_BUFFER_SIZE) + line_buffer[line_offset++] = c;
if (line_offset >= LINE_BUFFER_SIZE || offset + line_offset >= region_size || c == '\n') {
Paul Menzel has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/48074 )
Change subject: spi/flashconsole: Fix internal buffer overflow ......................................................................
Patch Set 1: Code-Review+1
(1 comment)
Tested on Clevo N240BU with a filled buffer.
https://review.coreboot.org/c/coreboot/+/48074/1//COMMIT_MSG Commit Message:
https://review.coreboot.org/c/coreboot/+/48074/1//COMMIT_MSG@9 PS1, Line 9: Once the console's FMAP region is full, we stop clearing the line : buffer and `line_offset` is not reset anymore Maybe mention the problem too:
… possibly resulting in a boot hang.
Michael Niewöhner has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/48074 )
Change subject: spi/flashconsole: Fix internal buffer overflow ......................................................................
Patch Set 1: Code-Review+2
Angel Pons has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/48074 )
Change subject: spi/flashconsole: Fix internal buffer overflow ......................................................................
Patch Set 1: Code-Review+1
Hello build bot (Jenkins), Paul Menzel, Angel Pons, Michael Niewöhner,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/48074
to look at the new patch set (#2).
Change subject: spi/flashconsole: Fix internal buffer overflow ......................................................................
spi/flashconsole: Fix internal buffer overflow
Once the console's FMAP region is full, we stop clearing the line buffer and `line_offset` is not reset anymore. Hence, sanity check `line_offset` everytime before writing to the buffer.
The issue resulted in boot hangs and potentially a brick if the log was very verbose.
Change-Id: I36e9037d7baf8c1ed8b2d0c120bfffa58c089c95 Signed-off-by: Nico Huber nico.huber@secunet.com --- M src/drivers/spi/flashconsole.c 1 file changed, 2 insertions(+), 1 deletion(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/74/48074/2
Nico Huber has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/48074 )
Change subject: spi/flashconsole: Fix internal buffer overflow ......................................................................
Patch Set 2:
(1 comment)
https://review.coreboot.org/c/coreboot/+/48074/1//COMMIT_MSG Commit Message:
https://review.coreboot.org/c/coreboot/+/48074/1//COMMIT_MSG@9 PS1, Line 9: Once the console's FMAP region is full, we stop clearing the line : buffer and `line_offset` is not reset anymore
Maybe mention the problem too: […]
We could add that to any problem that results in undefined behavior...
Nico Huber has submitted this change. ( https://review.coreboot.org/c/coreboot/+/48074 )
Change subject: spi/flashconsole: Fix internal buffer overflow ......................................................................
spi/flashconsole: Fix internal buffer overflow
Once the console's FMAP region is full, we stop clearing the line buffer and `line_offset` is not reset anymore. Hence, sanity check `line_offset` everytime before writing to the buffer.
The issue resulted in boot hangs and potentially a brick if the log was very verbose.
Change-Id: I36e9037d7baf8c1ed8b2d0c120bfffa58c089c95 Signed-off-by: Nico Huber nico.huber@secunet.com Reviewed-on: https://review.coreboot.org/c/coreboot/+/48074 Reviewed-by: Paul Menzel paulepanter@users.sourceforge.net Reviewed-by: Michael Niewöhner foss@mniewoehner.de Reviewed-by: Angel Pons th3fanbus@gmail.com Tested-by: build bot (Jenkins) no-reply@coreboot.org --- M src/drivers/spi/flashconsole.c 1 file changed, 2 insertions(+), 1 deletion(-)
Approvals: build bot (Jenkins): Verified Paul Menzel: Looks good to me, but someone else must approve Angel Pons: Looks good to me, but someone else must approve Michael Niewöhner: Looks good to me, approved
diff --git a/src/drivers/spi/flashconsole.c b/src/drivers/spi/flashconsole.c index 654177f..d5c4382 100644 --- a/src/drivers/spi/flashconsole.c +++ b/src/drivers/spi/flashconsole.c @@ -75,7 +75,8 @@
size_t region_size = region_device_sz(rdev_ptr);
- line_buffer[line_offset++] = c; + if (line_offset < LINE_BUFFER_SIZE) + line_buffer[line_offset++] = c;
if (line_offset >= LINE_BUFFER_SIZE || offset + line_offset >= region_size || c == '\n') {
-
Angel Pons (Code Review) -
Michael Niewöhner (Code Review)
-
Nico Huber (Code Review)
-
Paul Menzel (Code Review)