[OpenBIOS] [PATCH] bootinfo_load.c: stop parsing CHRP boot script when NULL is reached

Segher Boessenkool segher at kernel.crashing.org
Sun Jun 21 01:44:43 CEST 2015


On Sat, Jun 20, 2015 at 11:07:01PM +0100, Mark Cave-Ayland wrote:
> +	/* Some bootinfo scripts contain a binary payload after the
> +	   NULL-terminated Forth string such as OS 9. Restrict our
> +	   size to just the Forth section, otherwise we end up trying
> +	   to allocate memory for the entire binary which will fail. */

"Might fail"?

> +	size = MIN(strlen(base), size);
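
Review bot: strlen(base) in the added "size = MIN(strlen(base), size);" line scans until it finds a zero byte with no regard to size, so a boot script that has no terminator within its first size bytes is read past the end of the buffer before MIN clamps anything. Bound the scan itself, for example with strnlen(base, size), or with memchr(base, 0, size) if strnlen is not available in this tree. In the comment above it, "NULL-terminated" should read "NUL-terminated", and "such as OS 9" belongs next to "bootinfo scripts" rather than after "Forth string".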

"MIN" doesn't make terribly much sense here -- if "size" is the smaller
of the two, strlen() will have done out-of-bounds accesses, and if not,
you don't need MIN.  Use strnlen() instead?  I.e.

	size = strnlen(base, size);


Segher


