diff options
author | Jacob Garber <jgarber1@ualberta.ca> | 2019-06-26 16:18:16 -0600 |
---|---|---|
committer | Patrick Georgi <pgeorgi@google.com> | 2019-08-20 15:27:42 +0000 |
commit | 9172b6920cac2c4dabf19e529dbfed91b15685c5 (patch) | |
tree | 761b138ce45fface88f8babba31d48bff43203d5 /src/vendorcode/google | |
parent | 5fa756cc97de1ed30ac3fd4d5ddb85f079efe521 (diff) |
src: Remove variable length arrays
Variable length arrays were a feature added in C99 that allows the
length of an array to be determined at runtime. Eg.
int sum(size_t n) {
int arr[n];
...
}
This adds a small amount of runtime overhead, but is also very
dangerous, since it allows use of an unlimited amount of stack memory,
potentially leading to stack overflow. This is only worsened in
coreboot, which often has very little stack space to begin with. Citing
concerns like this, all instances of VLA's were recently removed from the
Linux kernel. In the immortal words of Linus Torvalds [0],
AND USING VLA'S IS ACTIVELY STUPID! It generates much more code, and
much _slower_ code (and more fragile code), than just using a fixed
key size would have done. [...] Anyway, some of these are definitely
easy to just fix, and using VLA's is actively bad not just for
security worries, but simply because VLA's are a really horribly bad
idea in general in the kernel.
This patch follows suit and zaps all VLA's in coreboot. Some of the
existing VLA's are accidental ones, and all but one can be replaced with
small fixed-size buffers. The single tricky exception is in the SPI
controller interface, which will require a rewrite of old drivers
to remove [1].
[0] https://lkml.org/lkml/2018/3/7/621
[1] https://ticket.coreboot.org/issues/217
Change-Id: I7d9d1ddadbf1cee5f695165bbe3f0effb7bd32b9
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/33821
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
Diffstat (limited to 'src/vendorcode/google')
-rw-r--r-- | src/vendorcode/google/chromeos/sar.c | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/src/vendorcode/google/chromeos/sar.c b/src/vendorcode/google/chromeos/sar.c index bbcb211c3a..01de60c835 100644 --- a/src/vendorcode/google/chromeos/sar.c +++ b/src/vendorcode/google/chromeos/sar.c @@ -61,11 +61,10 @@ int get_wifi_sar_limits(struct wifi_sar_limits *sar_limits) const char *wifi_sar_limit_key = CROS_VPD_WIFI_SAR_NAME; /* vpd_gets() reads in one less than size characters from the VPD * with a terminating null byte ('\0') stored as the last character into - * the buffer, thus the increasing by 1 for buffer_size. */ - const size_t buffer_size = (sizeof(struct wifi_sar_limits) / - sizeof(uint8_t)) * 2 + 1; - char wifi_sar_limit_str[buffer_size]; + * the buffer, thus the increasing by 1 for the buffer size. */ + char wifi_sar_limit_str[2 * sizeof(struct wifi_sar_limits) + 1]; uint8_t bin_buffer[sizeof(struct wifi_sar_limits)]; + const size_t buffer_size = ARRAY_SIZE(wifi_sar_limit_str); size_t sar_cbfs_len, sar_expected_len, bin_buff_adjusted_size; /* keep it backward compatible. Some older platform are shipping |