[flashrom] [PATCH] Avoid buffer overflow for excessive layouts
Carl-Daniel Hailfinger
c-d.hailfinger.devel.2006 at gmx.net
Thu Dec 2 13:45:07 CET 2010
Stop reading layout info when the max layout count has been reached.
Signed-off-by: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006 at gmx.net>
Index: flashrom-layout_overflow/layout.c
===================================================================
--- flashrom-layout_overflow/layout.c (Revision 1238)
+++ flashrom-layout_overflow/layout.c (Arbeitskopie)
@@ -152,6 +152,14 @@
while (!feof(romlayout)) {
char *tstr1, *tstr2;
+
+ if (romimages >= MAX_ROMLAYOUT) {
+ msg_gerr("Maximum number of ROM images (%i) in layout "
+ "file reached before end of layout file.\n",
+ MAX_ROMLAYOUT);
+ msg_gerr("Ignoring the rest of the layout file.\n");
+ break;
+ }
if (2 != fscanf(romlayout, "%s %s\n", tempstr, rom_entries[romimages].name))
continue;
#if 0
--
http://www.hailfinger.org/
More information about the flashrom
mailing list