ACK: [PATCH] uefi: uefirtvariable: fix incorrect buffer size being passed

Alex Hung alex.hung at canonical.com
Thu May 21 22:59:38 UTC 2015


On 05/15/2015 03:35 AM, Colin King wrote:
> From: Colin Ian King <colin.king at canonical.com>
> 
> The existing code passes the size of name, which turns out to be a 4 or
> 8 depending on a 32 or 64 bit machine because name is a pointer and not
> a buffer.  Fix this by making name a variable sized array; this also
> allows us to remove the complexity of allocation failure handling too.
> 
> Signed-off-by: Colin Ian King <colin.king at canonical.com>
> ---
>  src/uefi/uefirtvariable/uefirtvariable.c | 19 +++++++------------
>  1 file changed, 7 insertions(+), 12 deletions(-)
> 
> diff --git a/src/uefi/uefirtvariable/uefirtvariable.c b/src/uefi/uefirtvariable/uefirtvariable.c
> index 0617ff4..e59e005 100644
> --- a/src/uefi/uefirtvariable/uefirtvariable.c
> +++ b/src/uefi/uefirtvariable/uefirtvariable.c
> @@ -633,7 +633,6 @@ static int getnextvariable_test3(fwts_framework *fw)
>  	uint64_t maxvariablenamesize = variablenamesize;
>  	uint16_t *variablename;
>  	EFI_GUID vendorguid;
> -	char *name;
>  	int ret;
>  
>  	variablename = malloc(sizeof(uint16_t) * variablenamesize);
> @@ -730,17 +729,13 @@ static int getnextvariable_test3(fwts_framework *fw)
>  		item->hash = hash_func(variablename, variablenamesize);
>  
>  		if (bucket_insert(item)) {
> -			name = malloc(variablenamesize * sizeof(char));
> -			if (name) {
> -				fwts_uefi_str16_to_str(name, sizeof(name), variablename);
> -				fwts_failed(fw, LOG_LEVEL_HIGH,
> -					"UEFIRuntimeGetNextVariableName",
> -					"Duplicate variable name %s found.", name);
> -				free(name);
> -			} else
> -				fwts_failed(fw, LOG_LEVEL_HIGH,
> -					"UEFIRuntimeGetNextVariableName",
> -					"Duplicate variable name found (too long name).");
> +			char name[variablenamesize];
> +
> +			fwts_uefi_str16_to_str(name, sizeof(name), variablename);
> +			fwts_failed(fw, LOG_LEVEL_HIGH,
> +				"UEFIRuntimeGetNextVariableName",
> +				"Duplicate variable name %s found.", name);
> +
>  			free(item->name);
>  			free(item->guid);
>  			free(item);
> 

Acked-by: Alex Hung <alex.hung at canonical.com>



More information about the fwts-devel mailing list