[U-Boot,1/1] efi_loader: avoid using unitialized values as console size

Message ID 20180516161738.2503-1-xypron.glpk@gmx.de
State Accepted
Delegated to: Alexander Graf
Headers show
Series
  • [U-Boot,1/1] efi_loader: avoid using unitialized values as console size
Related show

Commit Message

Heinrich Schuchardt May 16, 2018, 4:17 p.m.
If a request for the console size would be answered with a response
with less then three values, uninitialized stack memory would be
copied to the number of rows and columns of the terminal.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
---
 lib/efi_loader/efi_console.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

Comments

Simon Glass May 16, 2018, 8:57 p.m. | #1
On 16 May 2018 at 10:17, Heinrich Schuchardt <xypron.glpk@gmx.de> wrote:
> If a request for the console size would be answered with a response
> with less then three values, uninitialized stack memory would be
> copied to the number of rows and columns of the terminal.
>
> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
> ---
>  lib/efi_loader/efi_console.c | 14 ++++++++++++--
>  1 file changed, 12 insertions(+), 2 deletions(-)
>

Reviewed-by: Simon Glass <sjg@chromium.org>

Patch

diff --git a/lib/efi_loader/efi_console.c b/lib/efi_loader/efi_console.c
index 5d1a9a8081e..8365431291c 100644
--- a/lib/efi_loader/efi_console.c
+++ b/lib/efi_loader/efi_console.c
@@ -63,7 +63,15 @@  static struct simple_text_output_mode efi_con_mode = {
 	.cursor_visible = 1,
 };
 
-static int term_read_reply(int *n, int maxnum, char end_char)
+/*
+ * Receive and parse a reply from the terminal.
+ *
+ * @n:		array of return values
+ * @num:	number of return values expected
+ * @end_char:	character indicating end of terminal message
+ * @return:	non-zero indicates error
+ */
+static int term_read_reply(int *n, int num, char end_char)
 {
 	char c;
 	int i = 0;
@@ -80,7 +88,7 @@  static int term_read_reply(int *n, int maxnum, char end_char)
 		c = getc();
 		if (c == ';') {
 			i++;
-			if (i >= maxnum)
+			if (i >= num)
 				return -1;
 			n[i] = 0;
 			continue;
@@ -94,6 +102,8 @@  static int term_read_reply(int *n, int maxnum, char end_char)
 		n[i] *= 10;
 		n[i] += c - '0';
 	}
+	if (i != num - 1)
+		return -1;
 
 	return 0;
 }