Attention is currently required from: Edward O'Callaghan, Angel Pons, Julius Werner. Nico Huber has posted comments on this change. ( https://review.coreboot.org/c/flashrom/+/61545 )
Change subject: fmap.c: Avoid undefined behaviour with fmap_lsearch([len:=0])
Patch Set 1:
(2 comments)
File fmap.c:
https://review.coreboot.org/c/flashrom/+/61545/comment/d921bd87_42d3b6cd PS1, Line 99: if (len == 0)
How does a length of zero cause problems? What if len is non-zero but smaller than `sizeof(struct fm […]
+1 we should simply check that the calculation below doesn't overflow.
https://review.coreboot.org/c/flashrom/+/61545/comment/1ebc9fd9_bb0f456a PS1, Line 102: (off_t)(len - sizeof(struct fmap)
Hrmm, I added this cast at some point, but it doesn't seem to fix the issue fully. In case `size_t` is smaller than `off_t`, the overflowed `size_t` (a positive number) would fit into `off_t` and not be converted to a negative number, right?
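An added example (not flashrom's code) illustrating both review points: a `len == 0` test does not stop `len - sizeof(struct fmap)` from wrapping for any non-zero `len` smaller than the header, and a wrapped unsigned value stays positive when cast to a wider signed type, so the operands of the subtraction must be checked rather than its result. The `fmap_stub` struct, its 56-byte size and the function names are assumptions made for this example.

```c
/* Added example, not flashrom code: a `len == 0` test does not stop
 * `len - sizeof(struct fmap)` from wrapping, and the wrapped value may
 * stay positive after a cast to a wider signed type (off_t). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for flashrom's struct fmap; only its size matters. */
struct fmap_stub { uint8_t header[56]; };

/* Pattern under review, with size_t and the signed type the same width:
 * for 0 < len < sizeof, the subtraction wraps to a huge unsigned value,
 * which the cast turns negative (two's complement), so `< 0` catches it. */
static int64_t wide_cast_bound(uint64_t len)
{
	if (len == 0)
		return -1;
	return (int64_t)(len - sizeof(struct fmap_stub));
}

/* Same pattern where "size_t" is narrower than the signed type (e.g. 32-bit
 * size_t, 64-bit off_t): the wrapped value fits and stays positive, so a
 * `< 0` test does not catch it, exactly as the comment above describes. */
static int64_t narrow_cast_bound(uint32_t len)
{
	if (len == 0)
		return -1;
	return (int64_t)(len - (uint32_t)sizeof(struct fmap_stub));
}

/* Fix: validate the subtraction's operands instead of its result. Returns 0
 * and the last offset at which a header can start, or -1 if the buffer is
 * too small to hold a single header (covers len == 0 as well). */
static int safe_search_bound(size_t len, size_t *last_off)
{
	if (len < sizeof(struct fmap_stub))
		return -1;
	*last_off = len - sizeof(struct fmap_stub);
	return 0;
}

int main(void)
{
	size_t last = 0;
	printf("wide cast,   len=4: %lld\n", (long long)wide_cast_bound(4));
	printf("narrow cast, len=4: %lld\n", (long long)narrow_cast_bound(4));
	printf("safe check,  len=4: %d\n", safe_search_bound(4, &last));
	return 0;
}
```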