[coreboot-gerrit] Change in coreboot[master]: src/lib/edid: avoid buffer overflow

Patrick Georgi (Code Review) gerrit at coreboot.org
Tue Sep 18 18:03:00 CEST 2018


Patrick Georgi has uploaded this change for review. ( https://review.coreboot.org/28659 )


Change subject: src/lib/edid: avoid buffer overflow
......................................................................

src/lib/edid: avoid buffer overflow

It's more theoretical, but lest somebody calls extract_string()
with too large a length...

Change-Id: I3934bd6965318cdffe5c636b01b3e0c4426e8d1d
Signed-off-by: Patrick Georgi <pgeorgi at google.com>
Found-by: Coverity Scan #1374795
---
M src/lib/edid.c
1 file changed, 4 insertions(+), 4 deletions(-)



  git pull ssh://review.coreboot.org:29418/coreboot refs/changes/59/28659/1

diff --git a/src/lib/edid.c b/src/lib/edid.c
index 9cf9b8a..0bfd20f 100644
--- a/src/lib/edid.c
+++ b/src/lib/edid.c
@@ -175,12 +175,12 @@
 static char *
 extract_string(unsigned char *x, int *valid_termination, int len)
 {
-	static char ret[128];
+	static char ret[EDID_ASCII_STRING_LENGTH + 1];
 	int i, seen_newline = 0;
 
 	memset(ret, 0, sizeof(ret));
 
-	for (i = 0; i < len; i++) {
+	for (i = 0; i < min(len, EDID_ASCII_STRING_LENGTH); i++) {
 		if (seen_newline) {
 			if (x[i] != 0x20) {
 				*valid_termination = 0;
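
Review bot: In the loop condition `i < min(len, EDID_ASCII_STRING_LENGTH)`, an oversized len is clamped silently, so a caller that passes too large a length gets a truncated string and no sign that its argument was wrong. Consider clamping len once before the loop and logging when it exceeds EDID_ASCII_STRING_LENGTH, which also avoids re-evaluating min() on every iteration. Separately, EDID_ASCII_STRING_LENGTH is not defined anywhere in this diff and the diffstat lists only src/lib/edid.c, so please confirm it comes from a header this file already includes and that its value is 13, matching the literals replaced at the call sites, because ret shrinks from 128 bytes to EDID_ASCII_STRING_LENGTH + 1.
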
@@ -284,7 +284,7 @@
 			printk(BIOS_SPEW, "Monitor name: %s\n",
 			       extract_string(x + 5,
 					      &c->has_valid_string_termination,
-					      13));
+					      EDID_ASCII_STRING_LENGTH));
 			return 1;
 		case 0xFD:
 		{
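
Review bot: The offset in `extract_string(x + 5, ...)` is still a bare literal right next to the newly named length. Since this change replaces the magic 13 with EDID_ASCII_STRING_LENGTH, a named constant for the 5 would make it possible to check at the call site that offset plus length stays inside the descriptor being parsed.
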
@@ -476,7 +476,7 @@
 		case 0xFF:
 			printk(BIOS_SPEW, "Serial number: %s\n",
 			       extract_string(x + 5,
-			       &c->has_valid_string_termination, 13));
+			       &c->has_valid_string_termination, EDID_ASCII_STRING_LENGTH));
 			return 1;
 		default:
 			printk(BIOS_SPEW,
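
Review bot: The added line `&c->has_valid_string_termination, EDID_ASCII_STRING_LENGTH));` in the Serial number case runs past 80 columns once its indentation is counted. Put EDID_ASCII_STRING_LENGTH on its own continuation line, as the Monitor name call in the previous hunk does, so the two call sites are formatted the same way.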

-- 
To view, visit https://review.coreboot.org/28659
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-MessageType: newchange
Gerrit-Change-Id: I3934bd6965318cdffe5c636b01b3e0c4426e8d1d
Gerrit-Change-Number: 28659
Gerrit-PatchSet: 1
Gerrit-Owner: Patrick Georgi <pgeorgi at google.com>