Change in flashrom[master]: fmap.c: Avoid undefined behaviour with fmap_lsearch([len:=0]) - flashrom-gerrit

2 Feb 2022

Edward O'Callaghan has uploaded this change for review. ( https://review.coreboot.org/c/flashrom/+/61545 )
Change subject: fmap.c: Avoid undefined behaviour with fmap_lsearch([len:=0])
......................................................................
fmap.c: Avoid undefined behaviour with fmap_lsearch([len:=0])
Calling libflashrom entry-points that internally dispatch to
fmap_lsearch() can result in a integer overflow. Therefore
validate the length paramter before attempting to use it.
BUG=none
TEST=`make`
Change-Id: Ifb408c55c3b69ddff453dcc704b7389298050473
Signed-off-by: Edward O'Callaghan quasisec@google.com
Spotted-by: Julius Werner jwerner@chromium.org
---
M fmap.c
1 file changed, 3 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/flashrom refs/changes/45/61545/1

diff --git a/fmap.c b/fmap.c
index b18cbf7..bb7c0d9 100644
--- a/fmap.c
+++ b/fmap.c
@@ -96,6 +96,9 @@
    off_t offset;
    bool fmap_found = 0;
+	if (len == 0)
+		return -1;
+
    for (offset = 0; offset <= (off_t)(len - sizeof(struct fmap)); offset++) {
    	if (is_valid_fmap((struct fmap *)&buf[offset])) {
    		fmap_found = 1;
-- 
To view, visit https://review.coreboot.org/c/flashrom/+/61545
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: flashrom
Gerrit-Branch: master
Gerrit-Change-Id: Ifb408c55c3b69ddff453dcc704b7389298050473
Gerrit-Change-Number: 61545
Gerrit-PatchSet: 1
Gerrit-Owner: Edward O'Callaghan quasisec@chromium.org
Gerrit-MessageType: newchange



    