Attention is currently required from: Bao Zheng, Jason Glenesk, Raul Rangel, Martin Roth, Paul Menzel, Angel Pons, Zheng Bao, Felix Held. Patrick Georgi has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/54946 )

Change subject: amdfwtool: Check length before copying string ......................................................................

Patch Set 8:

(2 comments)

File util/amdfwtool/data_parse.c:

https://review.coreboot.org/c/coreboot/+/54946/comment/533a15f5_6ede3cd5 PS8, Line 429: if (dir_len < MAX_LINE_SIZE) In a way this is a limitation of the static analysis tool: a match in a string of length <= MAX_LINE_SIZE is never longer than MAX_LINE_SIZE itself.

I _think_ an ASSERT(dir_len < MAX_LINE_SIZE); should convince it of that fact without needing error handling code that will never run.

https://review.coreboot.org/c/coreboot/+/54946/comment/6584cb75_14be5fa0 PS8, Line 456: strncpy(path_filename, dir, dir_len); It might be clearer and safer to use snprintf instead of the three str* functions.

To avoid any issues, you could extend path_filename's size to 2*MAX_LINE+2 so it covers two full length strings (which will never happen but doesn't hurt either), the slash and the terminating 0. Then use the %.*s format to print at most MAX_LINE_SIZE characters, and it should all be safe and clear. Something like:

snprintf(path_filename, MAX_LINE_SIZE*2+2, "%.*s/%.*s", MAX_LINE_SIZE, dir, MAX_LINE_SIZE, &(oneline[match[2].rm_so]));