summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPhilipp Bartsch <phil@grmr.de>2020-05-15 07:17:46 +0200
committerPatrick Georgi <pgeorgi@google.com>2020-05-18 07:32:16 +0000
commit7f5f9331d1c8bc6012b4179018079e1b6aedc665 (patch)
treeafb84877ae96bfca7d5a76d1c0e21edb1ca46f5f
parentf39dab1b953077ebcc3652bc126196cfaec2672c (diff)
util/cbfstool: fix buffer over-read
Fix unterminated array. When looking for a type not specified in filetypes (cbfs.h:204), the loop in lookup_name_by_type (cbfs_image.c:60) will run into a buffer over-read. Found-by: AFL++ 2.64d rev 1317433 Signed-off-by: Philipp Bartsch <phil@grmr.de> Change-Id: Ib82bb92e82b09fa1e26b9ca34529ec7b98e8f7b1 Reviewed-on: https://review.coreboot.org/c/coreboot/+/41421 Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
-rw-r--r--util/cbfstool/cbfs.h3
1 files changed, 2 insertions, 1 deletions
diff --git a/util/cbfstool/cbfs.h b/util/cbfstool/cbfs.h
index 421f0bc703..e58dfae009 100644
--- a/util/cbfstool/cbfs.h
+++ b/util/cbfstool/cbfs.h
@@ -210,7 +210,8 @@ static struct typedesc_t filetypes[] unused = {
{CBFS_COMPONENT_EFI, "efi"},
{CBFS_COMPONENT_STRUCT, "struct"},
{CBFS_COMPONENT_DELETED, "deleted"},
- {CBFS_COMPONENT_NULL, "null"}
+ {CBFS_COMPONENT_NULL, "null"},
+ {0, NULL}
};
static const struct typedesc_t types_cbfs_hash[] unused = {