[coreboot-gerrit] Change in coreboot[master]: util/intelmetool: Fix access to deleted data on stack

Youness Alaoui (Code Review) gerrit at coreboot.org
Fri Mar 31 23:07:50 CEST 2017 

Youness Alaoui has posted comments on this change. ( https://review.coreboot.org/19066 )

Change subject: util/intelmetool: Fix access to deleted data on stack
......................................................................


Patch Set 1:

(3 comments)

https://review.coreboot.org/#/c/19066/1//COMMIT_MSG
Commit Message:

PS1, Line 9: pci_me_interface_scan was returning (via argument 'name') a pointer
           : to the interface name which was stored in a stack variable.
           : This caused part of the name to be printed as garbage stack data
           : in some situations if stack data was overwritten.
> There is no reason to break the line for a new sentence, if it’s in the sam
You mean between "stack variable." and "This caused" ? I broke that line because of the 80-char limit, not because it's a new sentence. I can merge 'this' into the previous line if that's what you want.


https://review.coreboot.org/#/c/19066/1/util/intelmetool/intelmetool.c
File util/intelmetool/intelmetool.c:

PS1, Line 155: char
> I think this should be `const char`. That libpci has a weird interface,
I don't think it should be a const char, since the value of name gets modified. Unless I'm misunderstanding what the const refers to in a 'const char **' declaration.


PS1, Line 238: name
> It's never checked for a NULL-pointer, or did I miss that?
It's not checked, it's used for the printf below directly, but the value will always be set to either a static string or namebuf by pci_lookup_name, and pci_lookup_name is always called if 'dev' is returned non NULL, and 'dev' is checked. Either way, isn't printf NULL-safe when printing strings ?


-- 
To view, visit https://review.coreboot.org/19066
To unsubscribe, visit https://review.coreboot.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I947a4c794ee37fe87e035593eaabcaf963b9875e
Gerrit-PatchSet: 1
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Owner: Youness Alaoui <snifikino at gmail.com>
Gerrit-Reviewer: Nico Huber <nico.h at gmx.de>
Gerrit-Reviewer: Paul Menzel <paulepanter at users.sourceforge.net>
Gerrit-Reviewer: Philipp Deppenwiese <zaolin.daisuki at gmail.com>
Gerrit-Reviewer: Youness Alaoui <snifikino at gmail.com>
Gerrit-Reviewer: build bot (Jenkins)
Gerrit-HasComments: Yes

More information about the coreboot-gerrit mailing list