Message ID | 1451963506-3946-1-git-send-email-ivan.hu@canonical.com |
---|---|
State | Accepted |
Headers | show |
On 2016-01-05 11:11 AM, Ivan Hu wrote: > Static analysis from clang scan-build found a declared variable-length > array(VLA) has zero size, setvariable_insertvariable() declares data[datasize], > however, it is called when delete a variable as follows: > ret = setvariable_insertvariable(fw, attributes, 0, variablenametest, > >estguid1, datadiff); so got a declared data[0] declared. > > For Setvariable, Firmware will respond base on the datasize, for example, zero > datasize means to delete the variable, the data buffer won't affect the > setvariable function, the simplest way to avoid clang scan-build complaint > is to add extra byte data buffer. > > Signed-off-by: Ivan Hu <ivan.hu@canonical.com> > --- > src/uefi/uefirtvariable/uefirtvariable.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/src/uefi/uefirtvariable/uefirtvariable.c b/src/uefi/uefirtvariable/uefirtvariable.c > index b3c7559..8efa7b3 100644 > --- a/src/uefi/uefirtvariable/uefirtvariable.c > +++ b/src/uefi/uefirtvariable/uefirtvariable.c > @@ -867,7 +867,7 @@ static int setvariable_insertvariable( > uint64_t status; > uint64_t dataindex; > > - uint8_t data[datasize]; > + uint8_t data[datasize + 1]; > > for (dataindex = 0; dataindex < datasize; dataindex++) > data[dataindex] = (uint8_t)dataindex + datadiff; > Acked-by: Alex Hung <alex.hung@canonical.com>
On 05/01/16 03:11, Ivan Hu wrote: > Static analysis from clang scan-build found a declared variable-length > array(VLA) has zero size, setvariable_insertvariable() declares data[datasize], > however, it is called when delete a variable as follows: > ret = setvariable_insertvariable(fw, attributes, 0, variablenametest, > >estguid1, datadiff); so got a declared data[0] declared. > > For Setvariable, Firmware will respond base on the datasize, for example, zero > datasize means to delete the variable, the data buffer won't affect the > setvariable function, the simplest way to avoid clang scan-build complaint > is to add extra byte data buffer. > > Signed-off-by: Ivan Hu <ivan.hu@canonical.com> > --- > src/uefi/uefirtvariable/uefirtvariable.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/src/uefi/uefirtvariable/uefirtvariable.c b/src/uefi/uefirtvariable/uefirtvariable.c > index b3c7559..8efa7b3 100644 > --- a/src/uefi/uefirtvariable/uefirtvariable.c > +++ b/src/uefi/uefirtvariable/uefirtvariable.c > @@ -867,7 +867,7 @@ static int setvariable_insertvariable( > uint64_t status; > uint64_t dataindex; > > - uint8_t data[datasize]; > + uint8_t data[datasize + 1]; > > for (dataindex = 0; dataindex < datasize; dataindex++) > data[dataindex] = (uint8_t)dataindex + datadiff; > Thanks Ivan! Acked-by: Colin Ian King <colin.king@canonical.com>
diff --git a/src/uefi/uefirtvariable/uefirtvariable.c b/src/uefi/uefirtvariable/uefirtvariable.c index b3c7559..8efa7b3 100644 --- a/src/uefi/uefirtvariable/uefirtvariable.c +++ b/src/uefi/uefirtvariable/uefirtvariable.c @@ -867,7 +867,7 @@ static int setvariable_insertvariable( uint64_t status; uint64_t dataindex; - uint8_t data[datasize]; + uint8_t data[datasize + 1]; for (dataindex = 0; dataindex < datasize; dataindex++) data[dataindex] = (uint8_t)dataindex + datadiff;
Static analysis from clang scan-build found a declared variable-length array(VLA) has zero size, setvariable_insertvariable() declares data[datasize], however, it is called when delete a variable as follows: ret = setvariable_insertvariable(fw, attributes, 0, variablenametest, >estguid1, datadiff); so got a declared data[0] declared. For Setvariable, Firmware will respond base on the datasize, for example, zero datasize means to delete the variable, the data buffer won't affect the setvariable function, the simplest way to avoid clang scan-build complaint is to add extra byte data buffer. Signed-off-by: Ivan Hu <ivan.hu@canonical.com> --- src/uefi/uefirtvariable/uefirtvariable.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)