Attention is currently required from: Nico Huber, Angel Pons, Julius Werner. Edward O'Callaghan has posted comments on this change. ( https://review.coreboot.org/c/flashrom/+/61545 )
Change subject: fmap.c: Avoid undefined behaviour with fmap_lsearch([len:=0])
Patch Set 1:
(2 comments)
File fmap.c:
https://review.coreboot.org/c/flashrom/+/61545/comment/cb96c3e4_1f726393 PS1, Line 99: if (len == 0)
+1 we should simply check that the calculation below doesn't overflow.
Sure, the predicate is more precisely:
`if (len < sizeof(struct fmap)) return -1;`
https://review.coreboot.org/c/flashrom/+/61545/comment/53e5ad73_ba69f67e PS1, Line 102: (off_t)(len - sizeof(struct fmap)
Hrmm, I added this cast at some point, but it doesn't seem to fix the […]
That is right. Rather than fixing via type coercions, a more explicit function parameter validation in the preamble seems sensible. It's not like C's type system is rich enough to allow for bounding the function's domain rigorously imho.
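To make the point of the thread concrete, here is an added example (not code from the flashrom change or from any of the reviewers) contrasting the unguarded `(off_t)(len - sizeof(struct fmap))` bound with the explicit preamble check; the `struct fmap` layout and the sample image are assumptions chosen only so that the arithmetic can be exercised.

```c
#include <stdint.h>
#include <string.h>
#include <sys/types.h>

/* Stand-in for flashrom's struct fmap (assumed layout, not the project's
 * definition); only sizeof() matters for the bounds arithmetic below. */
struct fmap {
	uint8_t signature[8];   /* "__FMAP__" */
	uint8_t ver_major;
	uint8_t ver_minor;
	uint64_t base;
	uint32_t size;
	uint8_t name[32];
	uint16_t nareas;
};

/* Unguarded bound as in the patch under review: for len < sizeof(struct fmap)
 * the size_t subtraction wraps to a huge value, and the cast to off_t then
 * gives an implementation-defined result (negative on LP64, huge positive
 * when off_t is wider than size_t), so the loop bound is garbage either way. */
static off_t unguarded_upper_bound(size_t len)
{
	return (off_t)(len - sizeof(struct fmap));
}

/* Is the unguarded bound usable, i.e. non-negative and no larger than the
 * same difference computed in signed arithmetic? */
static int unguarded_bound_is_sane(size_t len)
{
	off_t bound = unguarded_upper_bound(len);
	return bound >= 0 && bound <= (off_t)len - (off_t)sizeof(struct fmap);
}

/* Linear search with the explicit parameter validation suggested in the
 * review applied before any arithmetic on len. Returns the header offset,
 * or -1 when the buffer cannot hold even one header or has no signature. */
static off_t fmap_lsearch_guarded(const uint8_t *buf, size_t len)
{
	off_t offset;

	if (len < sizeof(struct fmap))
		return -1;
	for (offset = 0; offset <= (off_t)(len - sizeof(struct fmap)); offset++)
		if (!memcmp(buf + offset, "__FMAP__", 8))
			return offset;
	return -1;
}

/* Constructed 128-byte flash image with a header signature at offset 16. */
static const uint8_t sample_image[128] = { [16] = '_', '_', 'F', 'M', 'A', 'P', '_', '_' };
```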