Attention is currently required from: Nico Huber, Edward O'Callaghan, Angel Pons.
Julius Werner has posted comments on this change. ( https://review.coreboot.org/c/flashrom/+/61545 )
Change subject: fmap.c: Avoid undefined behaviour with fmap_lsearch([len:=0])
......................................................................
Patch Set 2: Code-Review+2
--
To view, visit https://review.coreboot.org/c/flashrom/+/61545
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: flashrom
Gerrit-Branch: master
Gerrit-Change-Id: Ifb408c55c3b69ddff453dcc704b7389298050473
Gerrit-Change-Number: 61545
Gerrit-PatchSet: 2
Gerrit-Owner: Edward O'Callaghan <quasisec(a)chromium.org>
Gerrit-Reviewer: Angel Pons <th3fanbus(a)gmail.com>
Gerrit-Reviewer: Julius Werner <jwerner(a)chromium.org>
Gerrit-Reviewer: Nico Huber <nico.h(a)gmx.de>
Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org>
Gerrit-Attention: Nico Huber <nico.h(a)gmx.de>
Gerrit-Attention: Edward O'Callaghan <quasisec(a)chromium.org>
Gerrit-Attention: Angel Pons <th3fanbus(a)gmail.com>
Gerrit-Comment-Date: Wed, 02 Feb 2022 23:48:53 +0000
Gerrit-HasComments: No
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment
Attention is currently required from: Nico Huber, Angel Pons, Julius Werner.
Edward O'Callaghan has posted comments on this change. ( https://review.coreboot.org/c/flashrom/+/61545 )
Change subject: fmap.c: Avoid undefined behaviour with fmap_lsearch([len:=0])
......................................................................
Patch Set 1:
(2 comments)
File fmap.c:
https://review.coreboot.org/c/flashrom/+/61545/comment/cb96c3e4_1f726393
PS1, Line 99: if (len == 0)
> +1 we should simply check that the calculation below doesn't overflow.
sure, the predicate is more precisely:
`if ((len < sizeof(struct fmap)) return -1;`
https://review.coreboot.org/c/flashrom/+/61545/comment/53e5ad73_ba69f67e
PS1, Line 102: (off_t)(len - sizeof(struct fmap)
> Hrmm, I added this cast at some point, but it doesn't seem to fix the […]
That is right. Rather than fixing via type coercion's, a more explicit function parameter validation in the preamble seems sensible. It's not like C's type-system is so rich to allow for bounding the functions domain rigorously imho.
--
To view, visit https://review.coreboot.org/c/flashrom/+/61545
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: flashrom
Gerrit-Branch: master
Gerrit-Change-Id: Ifb408c55c3b69ddff453dcc704b7389298050473
Gerrit-Change-Number: 61545
Gerrit-PatchSet: 1
Gerrit-Owner: Edward O'Callaghan <quasisec(a)chromium.org>
Gerrit-Reviewer: Angel Pons <th3fanbus(a)gmail.com>
Gerrit-Reviewer: Julius Werner <jwerner(a)chromium.org>
Gerrit-Reviewer: Nico Huber <nico.h(a)gmx.de>
Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org>
Gerrit-Attention: Nico Huber <nico.h(a)gmx.de>
Gerrit-Attention: Angel Pons <th3fanbus(a)gmail.com>
Gerrit-Attention: Julius Werner <jwerner(a)chromium.org>
Gerrit-Comment-Date: Wed, 02 Feb 2022 23:45:16 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Nico Huber <nico.h(a)gmx.de>
Comment-In-Reply-To: Angel Pons <th3fanbus(a)gmail.com>
Gerrit-MessageType: comment
Attention is currently required from: Edward O'Callaghan, Angel Pons, Julius Werner.
Hello build bot (Jenkins), Nico Huber, Julius Werner, Angel Pons,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/flashrom/+/61545
to look at the new patch set (#2).
Change subject: fmap.c: Avoid undefined behaviour with fmap_lsearch([len:=0])
......................................................................
fmap.c: Avoid undefined behaviour with fmap_lsearch([len:=0])
Calling libflashrom entry-points that internally dispatch to
fmap_lsearch() can result in a integer overflow. Therefore
validate the length paramter before attempting to use it.
BUG=none
TEST=`make`
Change-Id: Ifb408c55c3b69ddff453dcc704b7389298050473
Signed-off-by: Edward O'Callaghan <quasisec(a)google.com>
Spotted-by: Julius Werner <jwerner(a)chromium.org>
---
M fmap.c
1 file changed, 3 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/flashrom refs/changes/45/61545/2
--
To view, visit https://review.coreboot.org/c/flashrom/+/61545
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: flashrom
Gerrit-Branch: master
Gerrit-Change-Id: Ifb408c55c3b69ddff453dcc704b7389298050473
Gerrit-Change-Number: 61545
Gerrit-PatchSet: 2
Gerrit-Owner: Edward O'Callaghan <quasisec(a)chromium.org>
Gerrit-Reviewer: Angel Pons <th3fanbus(a)gmail.com>
Gerrit-Reviewer: Julius Werner <jwerner(a)chromium.org>
Gerrit-Reviewer: Nico Huber <nico.h(a)gmx.de>
Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org>
Gerrit-Attention: Edward O'Callaghan <quasisec(a)chromium.org>
Gerrit-Attention: Angel Pons <th3fanbus(a)gmail.com>
Gerrit-Attention: Julius Werner <jwerner(a)chromium.org>
Gerrit-MessageType: newpatchset
Attention is currently required from: Felix Singer, Edward O'Callaghan, Angel Pons, Anastasia Klimchuk, Nikolai Artemiev, Nicholas Chin.
Nico Huber has posted comments on this change. ( https://review.coreboot.org/c/flashrom/+/58735 )
Change subject: ichspi: Split very long init function into two
......................................................................
Patch Set 9:
(1 comment)
Patchset:
PS9:
Thanks for patience, testing and everything folks!
--
To view, visit https://review.coreboot.org/c/flashrom/+/58735
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: flashrom
Gerrit-Branch: master
Gerrit-Change-Id: I6789bc456a4878e6555831ae0b80ecbdbf62938b
Gerrit-Change-Number: 58735
Gerrit-PatchSet: 9
Gerrit-Owner: Anastasia Klimchuk <aklm(a)chromium.org>
Gerrit-Reviewer: Anastasia Klimchuk <aklm(a)chromium.org>
Gerrit-Reviewer: Angel Pons <th3fanbus(a)gmail.com>
Gerrit-Reviewer: Edward O'Callaghan <quasisec(a)chromium.org>
Gerrit-Reviewer: Nicholas Chin <nic.c3.14(a)gmail.com>
Gerrit-Reviewer: Nico Huber <nico.h(a)gmx.de>
Gerrit-Reviewer: Nikolai Artemiev <nartemiev(a)google.com>
Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org>
Gerrit-CC: Felix Singer <felixsinger(a)posteo.net>
Gerrit-CC: Paul Menzel <paulepanter(a)mailbox.org>
Gerrit-Attention: Felix Singer <felixsinger(a)posteo.net>
Gerrit-Attention: Edward O'Callaghan <quasisec(a)chromium.org>
Gerrit-Attention: Angel Pons <th3fanbus(a)gmail.com>
Gerrit-Attention: Anastasia Klimchuk <aklm(a)chromium.org>
Gerrit-Attention: Nikolai Artemiev <nartemiev(a)google.com>
Gerrit-Attention: Nicholas Chin <nic.c3.14(a)gmail.com>
Gerrit-Comment-Date: Wed, 02 Feb 2022 21:51:20 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Gerrit-MessageType: comment
Attention is currently required from: Felix Singer, Angel Pons, Anastasia Klimchuk, Nikolai Artemiev.
Nico Huber has posted comments on this change. ( https://review.coreboot.org/c/flashrom/+/58737 )
Change subject: ichspi: Extract initialisation of swseq and hwseq into a function
......................................................................
Patch Set 10: Code-Review+2
--
To view, visit https://review.coreboot.org/c/flashrom/+/58737
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings
Gerrit-Project: flashrom
Gerrit-Branch: master
Gerrit-Change-Id: I7d62b1b380e497b82dcae1284d752204cc541bd3
Gerrit-Change-Number: 58737
Gerrit-PatchSet: 10
Gerrit-Owner: Anastasia Klimchuk <aklm(a)chromium.org>
Gerrit-Reviewer: Angel Pons <th3fanbus(a)gmail.com>
Gerrit-Reviewer: Edward O'Callaghan <quasisec(a)chromium.org>
Gerrit-Reviewer: Nico Huber <nico.h(a)gmx.de>
Gerrit-Reviewer: Nikolai Artemiev <nartemiev(a)google.com>
Gerrit-Reviewer: build bot (Jenkins) <no-reply(a)coreboot.org>
Gerrit-CC: Felix Singer <felixsinger(a)posteo.net>
Gerrit-CC: Paul Menzel <paulepanter(a)mailbox.org>
Gerrit-Attention: Felix Singer <felixsinger(a)posteo.net>
Gerrit-Attention: Angel Pons <th3fanbus(a)gmail.com>
Gerrit-Attention: Anastasia Klimchuk <aklm(a)chromium.org>
Gerrit-Attention: Nikolai Artemiev <nartemiev(a)google.com>
Gerrit-Comment-Date: Wed, 02 Feb 2022 21:44:04 +0000
Gerrit-HasComments: No
Gerrit-Has-Labels: Yes
Gerrit-MessageType: comment