[PATCH] lib: fwts_acpi_tables: enforce stricter table loading checks

[Colin King]

From: Colin Ian King <colin.king at canonical.com>

Coverty Scan is warning that malicious or malformed tables being read in
from file could cause problems with the low 32 bit allocator. Add some
stricter checking of the size of the buffer being read and also the total
ACPI table size.  ACPI stipulates that the table size is a 32 bit integer
(which is huge), but we need to keep to that maximum upper limit to be
in spec.

Signed-off-by: Colin Ian King <colin.king at canonical.com>
---
 src/lib/src/fwts_acpi_tables.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/lib/src/fwts_acpi_tables.c b/src/lib/src/fwts_acpi_tables.c
index 81fb096..cca1135 100644
--- a/src/lib/src/fwts_acpi_tables.c
+++ b/src/lib/src/fwts_acpi_tables.c
@@ -667,6 +667,10 @@ static uint8_t *fwts_acpi_load_table_from_file(const int fd, size_t *length)
 			}
 			continue;
 		}
+		if (n > (ssize_t)sizeof(buffer))
+			goto too_big;	/* Unlikely */
+		if (size + n > 0xffffffff)
+			goto too_big;	/* Very unlikely */
 
 		if ((tmp = (uint8_t*)fwts_low_realloc(ptr, size + n + 1)) == NULL) {
 			free(ptr);
@@ -678,6 +682,11 @@ static uint8_t *fwts_acpi_load_table_from_file(const int fd, size_t *length)
 	}
 	*length = size;
 	return ptr;
+
+too_big:
+	free(ptr);
+	*length = 0;
+	return NULL;
 }
 
 /*
-- 
2.1.4