diff options
| author | Jacob Garber <jgarber1@ualberta.ca> | 2019-06-26 16:18:16 -0600 |
|---|---|---|
| committer | Patrick Georgi <pgeorgi@google.com> | 2019-08-20 15:27:42 +0000 |
| commit | 9172b6920cac2c4dabf19e529dbfed91b15685c5 (patch) | |
| tree | 761b138ce45fface88f8babba31d48bff43203d5 /src/arch/x86 | |
| parent | 5fa756cc97de1ed30ac3fd4d5ddb85f079efe521 (diff) | |
src: Remove variable length arrays
Variable length arrays were a feature added in C99 that allows the
length of an array to be determined at runtime. Eg.
int sum(size_t n) {
int arr[n];
...
}
This adds a small amount of runtime overhead, but is also very
dangerous, since it allows use of an unlimited amount of stack memory,
potentially leading to stack overflow. This is only worsened in
coreboot, which often has very little stack space to begin with. Citing
concerns like this, all instances of VLA's were recently removed from the
Linux kernel. In the immortal words of Linus Torvalds [0],
AND USING VLA'S IS ACTIVELY STUPID! It generates much more code, and
much _slower_ code (and more fragile code), than just using a fixed
key size would have done. [...] Anyway, some of these are definitely
easy to just fix, and using VLA's is actively bad not just for
security worries, but simply because VLA's are a really horribly bad
idea in general in the kernel.
This patch follows suit and zaps all VLA's in coreboot. Some of the
existing VLA's are accidental ones, and all but one can be replaced with
small fixed-size buffers. The single tricky exception is in the SPI
controller interface, which will require a rewrite of old drivers
to remove [1].
[0] https://lkml.org/lkml/2018/3/7/621
[1] https://ticket.coreboot.org/issues/217
Change-Id: I7d9d1ddadbf1cee5f695165bbe3f0effb7bd32b9
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33821
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Diffstat (limited to 'src/arch/x86')
| -rw-r--r-- | src/arch/x86/smbios.c | 13 |
1 files changed, 5 insertions, 8 deletions
diff --git a/src/arch/x86/smbios.c b/src/arch/x86/smbios.c index 346e874217..f95516eee6 100644 --- a/src/arch/x86/smbios.c +++ b/src/arch/x86/smbios.c @@ -275,20 +275,18 @@ static void trim_trailing_whitespace(char *buffer, size_t buffer_size) static void smbios_fill_dimm_part_number(const char *part_number, struct smbios_type17 *t) { - const size_t trimmed_buffer_size = DIMM_INFO_PART_NUMBER_SIZE; - int invalid; size_t i, len; - char trimmed_part_number[trimmed_buffer_size]; + char trimmed_part_number[DIMM_INFO_PART_NUMBER_SIZE]; - strncpy(trimmed_part_number, part_number, trimmed_buffer_size); - trimmed_part_number[trimmed_buffer_size - 1] = '\0'; + strncpy(trimmed_part_number, part_number, sizeof(trimmed_part_number)); + trimmed_part_number[sizeof(trimmed_part_number) - 1] = '\0'; /* * SPD mandates that unused characters be represented with a ' '. * We don't want to publish the whitespace in the SMBIOS tables. */ - trim_trailing_whitespace(trimmed_part_number, trimmed_buffer_size); + trim_trailing_whitespace(trimmed_part_number, sizeof(trimmed_part_number)); len = strlen(trimmed_part_number); @@ -304,8 +302,7 @@ static void smbios_fill_dimm_part_number(const char *part_number, /* Null String in Part Number will have "None" instead. */ t->part_number = smbios_add_string(t->eos, "None"); } else if (invalid) { - char string_buffer[trimmed_buffer_size + - 10 /* strlen("Invalid ()") */]; + char string_buffer[sizeof(trimmed_part_number) + 10]; snprintf(string_buffer, sizeof(string_buffer), "Invalid (%s)", trimmed_part_number); |