From 078a5a0e7ca006f6536d3a72e94f49f4d52f8953 Mon Sep 17 00:00:00 2001
From: Yu-Ping Wu <yupingso@chromium.org>
Date: Thu, 15 Aug 2024 10:17:38 +0800
Subject: commonlib/bsd/string: Fix pointer overflow for strnlen()

When `maxlen` is large (such as SIZE_MAX), the `end` pointer will
overflow, causing strnlen() to incorrectly return 0.

To not make the implementation over-complicated, fix the problem by
using a counter.

BUG=b:359951393
TEST=make unit-tests -j
BRANCH=none

Change-Id: Ic9d983b11391f5e05c2bceb262682aced5206f94
Signed-off-by: Yu-Ping Wu <yupingso@chromium.org>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/83914
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Karthik Ramasubramanian <kramasub@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Mario Scheithauer <mario.scheithauer@siemens.com>
---
 tests/commonlib/bsd/string-test.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'tests/commonlib/bsd')

diff --git a/tests/commonlib/bsd/string-test.c b/tests/commonlib/bsd/string-test.c
index 37419f049d..194177abbb 100644
--- a/tests/commonlib/bsd/string-test.c
+++ b/tests/commonlib/bsd/string-test.c
@@ -23,6 +23,9 @@ static void test_strlen(void **state)
 
 static void test_strnlen(void **state)
 {
+	/* maxlen is SIZE_MAX */
+	assert_int_equal(8, strnlen("coreboot", SIZE_MAX));
+
 	/* maxlen larger than string len */
 	assert_int_equal(8, strnlen("coreboot", 100));
 
-- 
cgit v1.2.3