Attention is currently required from: Jason Glenesk, Raul Rangel, Martin Roth, Paul Menzel, Angel Pons, Zheng Bao, Felix Held.
Bao Zheng has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/54946 )
Change subject: amdfwtool: Check lenth before copying string
......................................................................
Patch Set 7:
(3 comments)
File util/amdfwtool/data_parse.c:
https://review.coreboot.org/c/coreboot/+/54946/comment/ed009ae4_ff1cc552
PS5, Line 411: int
Why `int`? Can the length ever be negative?
Done
https://review.coreboot.org/c/coreboot/+/54946/comment/4fff2f99_71bb1a2a
PS5, Line 426: dir_len = match[2].rm_eo - match[2].rm_so;
If the line is too long, a buffer overflow will still happen. […]
Done
https://review.coreboot.org/c/coreboot/+/54946/comment/431a1103_c3864793
PS5, Line 448: malloc(MAX_LINE_SIZE)
I can see two issues here: […]
Done.
The allocated buffers are freed at free_psp_firmware_filenames
--
To view, visit
https://review.coreboot.org/c/coreboot/+/54946
To unsubscribe, or for help writing mail filters, visit
https://review.coreboot.org/settings
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I609d9ce405d01c57b1847a6310630ea0341e13be
Gerrit-Change-Number: 54946
Gerrit-PatchSet: 7
Gerrit-Owner: Bao Zheng
fishbaozi@gmail.com
Gerrit-Reviewer: Angel Pons
th3fanbus@gmail.com
Gerrit-Reviewer: Felix Held
felix-coreboot@felixheld.de
Gerrit-Reviewer: Jason Glenesk
jason.glenesk@gmail.com
Gerrit-Reviewer: Marshall Dawson
marshalldawson3rd@gmail.com
Gerrit-Reviewer: Martin Roth
martinroth@google.com
Gerrit-Reviewer: Raul Rangel
rrangel@chromium.org
Gerrit-Reviewer: Zheng Bao
Gerrit-Reviewer: build bot (Jenkins)
no-reply@coreboot.org
Gerrit-CC: Paul Menzel
paulepanter@mailbox.org
Gerrit-Attention: Jason Glenesk
jason.glenesk@gmail.com
Gerrit-Attention: Raul Rangel
rrangel@chromium.org
Gerrit-Attention: Martin Roth
martinroth@google.com
Gerrit-Attention: Paul Menzel
paulepanter@mailbox.org
Gerrit-Attention: Angel Pons
th3fanbus@gmail.com
Gerrit-Attention: Zheng Bao
Gerrit-Attention: Felix Held
felix-coreboot@felixheld.de
Gerrit-Comment-Date: Wed, 09 Jun 2021 10:13:20 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Angel Pons
th3fanbus@gmail.com
Gerrit-MessageType: comment