[coreboot-gerrit] Change in coreboot[master]: util/intelmetool: Fix access to deleted data on stack

Youness Alaoui (Code Review) gerrit at coreboot.org
Fri Mar 31 22:25:38 CEST 2017


Youness Alaoui has uploaded a new change for review. ( https://review.coreboot.org/19066 )

Change subject: util/intelmetool: Fix access to deleted data on stack
......................................................................

util/intelmetool: Fix access to deleted data on stack

pci_me_interface_scan was returning (via argument 'name') a pointer
to the interface name which was stored in a stack variable.
This caused part of the name to be printed as garbage stack data
in some situations if stack data was overwritten.

This moves the name buffer to the calling function so it can be accessed
before it gets overwritten.

Change-Id: I947a4c794ee37fe87e035593eaabcaf963b9875e
Signed-off-by: Youness Alaoui <youness.alaoui at puri.sm>
---
M util/intelmetool/intelmetool.c
1 file changed, 4 insertions(+), 5 deletions(-)


  git pull ssh://review.coreboot.org:29418/coreboot refs/changes/66/19066/1

diff --git a/util/intelmetool/intelmetool.c b/util/intelmetool/intelmetool.c
index 45e8c8f..498bf41 100644
--- a/util/intelmetool/intelmetool.c
+++ b/util/intelmetool/intelmetool.c
@@ -152,10 +152,9 @@
 	return 0;
 }
 
-static struct pci_dev *pci_me_interface_scan(char **name) {
+static struct pci_dev *pci_me_interface_scan(char **name, char *namebuf, int namebuf_size) {
 	struct pci_access *pacc;
 	struct pci_dev *dev;
-	char namebuf[1024];
 	int me = 0;
 
 	pacc = pci_alloc();
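Review bot: the new prototype line for pci_me_interface_scan runs past 80 columns and declares namebuf_size as int, while the caller passes sizeof(namebuf), which is a size_t. Wrap the parameter list, and either take a size_t or add a one-line comment saying that int is intentional because the value is forwarded as the size argument of pci_lookup_name, so the narrowing is visibly deliberate.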
@@ -166,7 +165,7 @@
 
 	for (dev=pacc->devices; dev; dev=dev->next) {
 		pci_fill_info(dev, PCI_FILL_IDENT | PCI_FILL_BASES | PCI_FILL_SIZES | PCI_FILL_CLASS);
-		*name = pci_lookup_name(pacc, namebuf, sizeof(namebuf),
+		*name = pci_lookup_name(pacc, namebuf, namebuf_size,
 			PCI_LOOKUP_DEVICE, dev->vendor_id, dev->device_id);
 		if (dev->vendor_id == 0x8086) {
 			if (PCI_DEV_HAS_SUPPORTED_ME(dev->device_id)) {
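Review bot: in the loop, pci_lookup_name is still called for every device before the dev->vendor_id == 0x8086 check, so namebuf and *name are rewritten on each iteration and, if the loop can finish without a match, *name is left describing the last device scanned. Consider moving the lookup inside the PCI_DEV_HAS_SUPPORTED_ME branch so that *name is only set for the device that is actually returned.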
@@ -226,7 +225,7 @@
 static void dump_me_info() {
 	struct pci_dev *dev;
 	uint32_t stat, stat2;
-	char *name;
+	char namebuf[1024], *name;
 
 	if (pci_platform_scan()) {
 		exit(1);
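Review bot: the declaration "char namebuf[1024], *name;" in dump_me_info leaves name uninitialised and mixes an array and a pointer on one line. Declaring them separately with name set to NULL keeps any later read of name well defined if pci_me_interface_scan returns without assigning it, and a named constant in place of 1024 would make the buffer size easier to keep in sync.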
@@ -236,7 +235,7 @@
 		exit(1);
 	}
 
-	dev = pci_me_interface_scan(&name);
+	dev = pci_me_interface_scan(&name, namebuf, sizeof(namebuf));
 	if (!dev) {
 		exit(1);
 	}
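Review bot: after the call pci_me_interface_scan(&name, namebuf, sizeof(namebuf)), name is valid only while namebuf in dump_me_info is in scope, and nothing in the code records that contract. A short comment at the call or above pci_me_interface_scan stating that the caller owns the buffer and that *name must not outlive it would prevent the same bug from returning; it is also worth checking whether the separate name out-parameter is still needed now that the caller holds the buffer.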

-- 
To view, visit https://review.coreboot.org/19066

Gerrit-MessageType: newchange
Gerrit-Change-Id: I947a4c794ee37fe87e035593eaabcaf963b9875e
Gerrit-PatchSet: 1
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Owner: Youness Alaoui <snifikino at gmail.com>


