[OpenBIOS] [PATCH] bootinfo_load.c: stop parsing CHRP boot script when NULL is reached
Segher Boessenkool
segher at kernel.crashing.org
Sun Jun 21 01:44:43 CEST 2015
On Sat, Jun 20, 2015 at 11:07:01PM +0100, Mark Cave-Ayland wrote:
> + /* Some bootinfo scripts contain a binary payload after the
> + NULL-terminated Forth string such as OS 9. Restrict our
> + size to just the Forth section, otherwise we end up trying
> + to allocate memory for the entire binary which will fail. */
"Might fail"?
> + size = MIN(strlen(base), size);
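Review bot: strlen(base) in `size = MIN(strlen(base), size);` scans until it meets a zero byte and takes no account of `size`, so a script with no terminator inside the loaded region is read past its end before MIN clamps anything. A bounded scan such as strnlen(base, size) keeps the read inside the buffer. It returns `size` unchanged when no terminator is found, so that case needs to be acceptable to whatever consumes `size` next. The comment's "NULL-terminated" would also be more accurate as "NUL-terminated", since it refers to the zero byte rather than a null pointer.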
"MIN" doesn't make terribly much sense here -- if "size" is the smaller
of the two, strlen() will have done out-of-bounds accesses, and if not,
you don't need MIN. Use strnlen() instead? I.e.
size = strnlen(base, size);
Segher