{"id":2226781,"url":"http://patchwork.ozlabs.org/api/patches/2226781/?format=json","web_url":"http://patchwork.ozlabs.org/project/uboot/patch/20260422193846.1333146-1-raymondmaoca@gmail.com/","project":{"id":18,"url":"http://patchwork.ozlabs.org/api/projects/18/?format=json","name":"U-Boot","link_name":"uboot","list_id":"u-boot.lists.denx.de","list_email":"u-boot@lists.denx.de","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20260422193846.1333146-1-raymondmaoca@gmail.com>","list_archive_url":null,"date":"2026-04-22T19:38:45","name":"[v2] smbios: Add an explicit bounds check for Type 9 length","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"af5c62fafdffa779a04612461da351a4bd11c3b1","submitter":{"id":91989,"url":"http://patchwork.ozlabs.org/api/people/91989/?format=json","name":"Raymond Mao","email":"raymondmaoca@gmail.com"},"delegate":{"id":161313,"url":"http://patchwork.ozlabs.org/api/users/161313/?format=json","username":"raymo200915","first_name":"Raymond","last_name":"Mao","email":"raymondmaoca@gmail.com"},"mbox":"http://patchwork.ozlabs.org/project/uboot/patch/20260422193846.1333146-1-raymondmaoca@gmail.com/mbox/","series":[{"id":501096,"url":"http://patchwork.ozlabs.org/api/series/501096/?format=json","web_url":"http://patchwork.ozlabs.org/project/uboot/list/?series=501096","date":"2026-04-22T19:38:45","name":"[v2] smbios: Add an explicit bounds check for Type 9 length","version":2,"mbox":"http://patchwork.ozlabs.org/series/501096/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2226781/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2226781/checks/","tags":{},"related":[],"headers":{"Return-Path":"<u-boot-bounces@lists.denx.de>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256\n header.s=20251104 header.b=Xm0szHUx;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de\n (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de;\n envelope-from=u-boot-bounces@lists.denx.de; receiver=patchwork.ozlabs.org)","phobos.denx.de;\n dmarc=pass (p=none dis=none) header.from=gmail.com","phobos.denx.de;\n spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de","phobos.denx.de;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=gmail.com header.i=@gmail.com header.b=\"Xm0szHUx\";\n\tdkim-atps=neutral","phobos.denx.de;\n dmarc=pass (p=none dis=none) header.from=gmail.com","phobos.denx.de;\n spf=pass smtp.mailfrom=raymondmaoca@gmail.com"],"Received":["from phobos.denx.de (phobos.denx.de\n [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g18g25jqRz1y2d\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 23 Apr 2026 05:39:10 +1000 (AEST)","from h2850616.stratoserver.net (localhost [IPv6:::1])\n\tby phobos.denx.de (Postfix) with ESMTP id 5E5288432A;\n\tWed, 22 Apr 2026 21:39:00 +0200 (CEST)","by phobos.denx.de (Postfix, from userid 109)\n id AE5E584372; Wed, 22 Apr 2026 21:38:58 +0200 (CEST)","from mail-qt1-x82b.google.com (mail-qt1-x82b.google.com\n [IPv6:2607:f8b0:4864:20::82b])\n (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))\n (No client certificate requested)\n by phobos.denx.de (Postfix) with ESMTPS id A35AC8426E\n for <u-boot@lists.denx.de>; Wed, 22 Apr 2026 21:38:56 +0200 (CEST)","by mail-qt1-x82b.google.com with SMTP id\n d75a77b69052e-506362ac5f7so47922551cf.1\n for <u-boot@lists.denx.de>; Wed, 22 Apr 2026 12:38:56 -0700 (PDT)","from ubuntu.localdomain (172-97-209-197.cpe.distributel.net.\n [172.97.209.197]) by smtp.gmail.com with ESMTPSA id\n 6a1803df08f44-8b205cc0353sm23382586d6.10.2026.04.22.12.38.53\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Wed, 22 Apr 2026 12:38:54 -0700 (PDT)"],"X-Spam-Checker-Version":"SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de","X-Spam-Level":"","X-Spam-Status":"No, score=-1.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,\n DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FORGED_GMAIL_RCVD,FREEMAIL_FROM,\n RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=no\n autolearn_force=no version=3.4.2","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=gmail.com; s=20251104; t=1776886735; x=1777491535; darn=lists.denx.de;\n h=content-transfer-encoding:mime-version:message-id:date:subject:cc\n :to:from:from:to:cc:subject:date:message-id:reply-to;\n bh=jh5OoNNlrmBk4Gdyaib9lGhu1BCpzlL08gEtEipXNGU=;\n b=Xm0szHUxzW/hrU9/BVcwFUzAEWsQAXnk9pyQEuUj84EGmrOpF5qnrvupoDv7sMQOsW\n rXrL49ZNr68gOJ3gRHqIDiZO0FIYPSfo6RWJUACPhkHz0OvpGpIojiWqwroeU3ettvLY\n /PJMUslRz8CAb6G/7jLonehLsjfps7XpHgAEwGXEviOOyRM48ssUXjZ2Hz3TiVQGcw1X\n 931Ftrt4aJ8dS7Hlo0PbmuN57QEXUHvEkgvPcorpOovvRIseFiAA+fs8HWPV4cuDVYwu\n rrU8c6tiIBW6t/8xM5FNibKNzQBeT8cBmDoWvHuMkD+Kpq394xYDWDBYbJTDnYC4NL2y\n ZAyw==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1776886735; x=1777491535;\n h=content-transfer-encoding:mime-version:message-id:date:subject:cc\n :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date\n :message-id:reply-to;\n bh=jh5OoNNlrmBk4Gdyaib9lGhu1BCpzlL08gEtEipXNGU=;\n b=NmHkXS1hjyEIykOVcQXQ7K/XwDlsnaMuznBlfyCZUcMOGUTmlzP1ssydVCpEQGE30g\n fMkg1emYSq10ZSOhVdf0Gb1MsNlwi5TWu3YIpghqW63OKZJmj++UdQYud/4u1xxMyMkH\n z7E8gcoF2xnR03KNR26/tvlFymY9LtMbO6e8HnbO9TAthQ8B//79ysLw21/5WEEBU8fP\n EindjzlXv10bC8atAgI+tm+6ZUFStWIvoik/dGH45fC9wCA/4u2uFAuR1/7npm97bf6u\n rnm2RjG2wSN1ORQNDLhM0vy8aP4vD3dIenSqbncDxVGMyjgfiFKtdqeBHJaw6Tolkbns\n 3sbg==","X-Gm-Message-State":"AOJu0YyKiTHt02yOHJIIlVwOIFs7N83tdRrj+QMTqZ6LAf9uPabcGZdc\n mGt2EZhe1fQSL+niL7M2KaRMoymxZEsFNTMUzJjMrN+9+j1SARpABMh85d0LQlJUq0U=","X-Gm-Gg":"AeBDiesi/PP/DT2qUQRgEDAfsRvD/4546l8i9kxe/hUHrUROEHWBsLZ091bpgPFHa+R\n 83nFImYpVpMZRq4IleFvk7CUjsthP7KijhSZcaTG8xnXHvFY19Ob3gtgc+/rj81KpM7byRiKtIB\n UA69+LsWNhnm0rXgLuih00GJcmEQABQDe0tsC+LrparoBdmMu+/TJuvPQq+npwzrB2ftwKdJfCP\n mzh8wmhmFYweZrqgiPi1eh6qmSCFI3ihGGiWphhmZD56JlbUXLRNkZeZXu9LxWgwF0ODxnTBAVg\n 6jr91i8A2RiZuHMVPbLBzCmJqGbdktQjbvGyqXLvraNuBk1fw2aalNfPrKN1L+osjUWV06wAzCT\n HBeVGv8s3Wx6IKY8NCKPWdQYl4SpDiaDc1Tn5H97s8F6S3Ahi29gaHuZN41sXB60NzAQeiphRkA\n /Bv3DjYaZd1jkGkm2PiifZLQ2Zzk6ZQ+q3Kr99aqJPhoc+AUCKH5zUAQwPvFho2N6TF9pEc978t\n qCM7VhJnqz29pIjtJjmQvl/stMiVKwT","X-Received":"by 2002:ac8:5807:0:b0:50d:7c44:e144 with SMTP id\n d75a77b69052e-50e36b3ecaamr406794901cf.11.1776886735006;\n Wed, 22 Apr 2026 12:38:55 -0700 (PDT)","From":"Raymond Mao <raymondmaoca@gmail.com>","To":"u-boot@lists.denx.de","Cc":"Raymond Mao <raymond.mao@riscstar.com>,\n Raymond Mao <raymondmaoca@gmail.com>, Tom Rini <trini@konsulko.com>,\n Samuel Holland <samuel.holland@sifive.com>,\n Ilias Apalodimas <ilias.apalodimas@linaro.org>","Subject":"[PATCH v2] smbios: Add an explicit bounds check for Type 9 length","Date":"Wed, 22 Apr 2026 15:38:45 -0400","Message-Id":"<20260422193846.1333146-1-raymondmaoca@gmail.com>","X-Mailer":"git-send-email 2.25.1","MIME-Version":"1.0","Content-Transfer-Encoding":"8bit","X-BeenThere":"u-boot@lists.denx.de","X-Mailman-Version":"2.1.39","Precedence":"list","List-Id":"U-Boot discussion <u-boot.lists.denx.de>","List-Unsubscribe":"<https://lists.denx.de/options/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>","List-Archive":"<https://lists.denx.de/pipermail/u-boot/>","List-Post":"<mailto:u-boot@lists.denx.de>","List-Help":"<mailto:u-boot-request@lists.denx.de?subject=help>","List-Subscribe":"<https://lists.denx.de/listinfo/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=subscribe>","Errors-To":"u-boot-bounces@lists.denx.de","Sender":"\"U-Boot\" <u-boot-bounces@lists.denx.de>","X-Virus-Scanned":"clamav-milter 0.103.8 at phobos.denx.de","X-Virus-Status":"Clean"},"content":"From: Raymond Mao <raymond.mao@riscstar.com>\n\nFix Coverity Scan defect on Type 9 length.\nType 9 formatted length is built dynamically from peer_grouping_count.\nAlthough peer_grouping_count is a byte, the resulting formatted area\nstill must fit in the SMBIOS header length field (u8).\nAdd an explicit bounds check before extending len, so the size used by\nmap_sysmem() and memset() is guaranteed to be valid and consistent\nwith hdr.length.\n\nFixes: a8442c226635 (\"smbios: add support for dynamic generation of Type 9 system slot tables\")\nAddresses-Coverity-ID: CID 645487: Insecure data handling (TAINTED_SCALAR)\nSigned-off-by: Raymond Mao <raymond.mao@riscstar.com>\n---\nChanges in v2:\n- return len 0 for errors to align with the existing convention of the\n  file. \n \n lib/smbios.c | 3 +++\n 1 file changed, 3 insertions(+)","diff":"diff --git a/lib/smbios.c b/lib/smbios.c\nindex d5f18c8bd69..fdab5948aad 100644\n--- a/lib/smbios.c\n+++ b/lib/smbios.c\n@@ -1093,6 +1093,9 @@ static int smbios_write_type9_1slot(ulong *current, int handle,\n \t * TODO:\n \t * peer_groups = <peer_grouping_count> * SMBIOS_TYPE9_PGROUP_SIZE\n \t */\n+\tif (len + pgroups_size > U8_MAX)\n+\t\treturn 0;\n+\n \tlen += pgroups_size;\n \n \tt = map_sysmem(*current, len);\n","prefixes":["v2"]}