nvramcui: fix a buffer overflow

Missing parentheses around addition. ==22611== Invalid write of size 8 ==22611== at 0x401B26: main (nvramcui.c:146) ==22611== Address 0x5a67c40 is 32 bytes inside a block of size 33 alloc'd ==22611== at 0x4C2BC0F: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==22611== by 0x401AA9: main (nvramcui.c:137) Change-Id: I9fd6a619dd03ebaaa066bca8fa5838e76374c984 Signed-off-by: Lubomir Rintel <lkundrak@v3.sk> Reviewed-on: http://review.coreboot.org/8527 Tested-by: build bot (Jenkins) Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Patrick Georgi <pgeorgi@google.com>
author: Lubomir Rintel <lkundrak@v3.sk> 2015-02-01 16:56:58 +0100
committer: Patrick Georgi <pgeorgi@google.com> 2015-02-25 21:06:19 +0100
commit: 18860d7a4f06c5b48dcd7ef90e3039cf44b4e57f (patch)
tree: 82cfb802033f39ee12fd0d0902df5dfaacd9382b /payloads/nvramcui
parent: 68009e98ab7172325da4c5482166a2515a3763ac (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/payloads/nvramcui/nvramcui.c b/payloads/nvramcui/nvramcui.c
index 65435489bb..b6cc4cda07 100644
--- a/payloads/nvramcui/nvramcui.c
+++ b/payloads/nvramcui/nvramcui.c
@@ -149,7 +149,7 @@ int main()
 				cmos_enum = next_cmos_enum_of_id(cmos_enum, option->config_id);
 			}
 
-			char **values = malloc(sizeof(char*)*numvals + 1);
+			char **values = malloc(sizeof(char*)*(numvals + 1));
 			int cnt = 0;
 
 			cmos_enum = first_cmos_enum_of_id(opttbl, option->config_id);
author	Lubomir Rintel <lkundrak@v3.sk>	2015-02-01 16:56:58 +0100
committer	Patrick Georgi <pgeorgi@google.com>	2015-02-25 21:06:19 +0100
commit	18860d7a4f06c5b48dcd7ef90e3039cf44b4e57f (patch)
tree	82cfb802033f39ee12fd0d0902df5dfaacd9382b /payloads/nvramcui
parent	68009e98ab7172325da4c5482166a2515a3763ac (diff)