ACK: [PATCH] uefi: uefirtvariable: fix incorrect buffer size being passed
ivanhu
ivan.hu at canonical.com
Fri May 29 06:54:23 UTC 2015
On 2015年05月15日 18:35, Colin King wrote:
> From: Colin Ian King <colin.king at canonical.com>
>
> The existing code passes the size of name, which turns out to be a 4 or
> 8 depending on a 32 or 64 bit machine because name is a pointer and not
> a buffer. Fix this by making name a variable sized array; this also
> allows us to remove the complexity of allocation failure handling too.
>
> Signed-off-by: Colin Ian King <colin.king at canonical.com>
> ---
> src/uefi/uefirtvariable/uefirtvariable.c | 19 +++++++------------
> 1 file changed, 7 insertions(+), 12 deletions(-)
>
> diff --git a/src/uefi/uefirtvariable/uefirtvariable.c b/src/uefi/uefirtvariable/uefirtvariable.c
> index 0617ff4..e59e005 100644
> --- a/src/uefi/uefirtvariable/uefirtvariable.c
> +++ b/src/uefi/uefirtvariable/uefirtvariable.c
> @@ -633,7 +633,6 @@ static int getnextvariable_test3(fwts_framework *fw)
> uint64_t maxvariablenamesize = variablenamesize;
> uint16_t *variablename;
> EFI_GUID vendorguid;
> - char *name;
> int ret;
>
> variablename = malloc(sizeof(uint16_t) * variablenamesize);
> @@ -730,17 +729,13 @@ static int getnextvariable_test3(fwts_framework *fw)
> item->hash = hash_func(variablename, variablenamesize);
>
> if (bucket_insert(item)) {
> - name = malloc(variablenamesize * sizeof(char));
> - if (name) {
> - fwts_uefi_str16_to_str(name, sizeof(name), variablename);
> - fwts_failed(fw, LOG_LEVEL_HIGH,
> - "UEFIRuntimeGetNextVariableName",
> - "Duplicate variable name %s found.", name);
> - free(name);
> - } else
> - fwts_failed(fw, LOG_LEVEL_HIGH,
> - "UEFIRuntimeGetNextVariableName",
> - "Duplicate variable name found (too long name).");
> + char name[variablenamesize];
> +
> + fwts_uefi_str16_to_str(name, sizeof(name), variablename);
> + fwts_failed(fw, LOG_LEVEL_HIGH,
> + "UEFIRuntimeGetNextVariableName",
> + "Duplicate variable name %s found.", name);
> +
> free(item->name);
> free(item->guid);
> free(item);
Acked-by: Ivan Hu<ivan.hu at canonical.com>
More information about the fwts-devel
mailing list