elogtool: Fix potential buffer overrun

BUG=b:239110778
TEST=Make sure that the output of elogtool is unaffected by this change.

Signed-off-by: Kapil Porwal <kapilporwal@google.com>
Change-Id: Ia1a6341abd834dd9ad5f12c9f2eefb0489364a08
Reviewed-on: https://review.coreboot.org/c/coreboot/+/72099
Reviewed-by: Subrata Banik <subratabanik@google.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Kapil Porwal
2023-01-20 01:00:42 +05:30
committed by Felix Held
parent 79312afdde
commit 0b6954b8d5
2 changed files with 38 additions and 3 deletions


@@ -196,7 +196,11 @@ static int cmd_list(const struct buffer *buf)
event = buffer_get(buf) + sizeof(struct elog_header);
while ((const void *)(event) < buffer_end(buf)) {
if (event->type == ELOG_TYPE_EOL || event->length == 0)
if (((const void *)event + sizeof(*event)) >= buffer_end(buf)
|| event->length <= sizeof(*event)
|| event->length > ELOG_MAX_EVENT_SIZE
|| ((const void *)event + event->length) >= buffer_end(buf)
|| event->type == ELOG_TYPE_EOL)
break;
eventlog_print_event(event, count);
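Review bot: The new condition sends the malformed-event cases (header running past the end, `event->length` out of range) through the same silent `break` as the normal `ELOG_TYPE_EOL` terminator, so a truncated or corrupted log is listed as if it had simply ended; for a tool used to inspect event logs, that case deserves a message on stderr. The two `>=` comparisons also reject an event that ends exactly at `buffer_end(buf)`; if `buffer_end` points one past the last byte, as the loop condition suggests, the final event of a completely full log would be dropped. Comparing `event->length` with the bytes remaining avoids both the off-by-one and the arithmetic on `const void *`, which is a GNU extension. The loop body continues outside the hunk.

```c
	while ((const void *)event < buffer_end(buf)) {
		/* Bytes left in the buffer, counted from the start of this event. */
		const size_t remaining =
			(const uint8_t *)buffer_end(buf) - (const uint8_t *)event;

		if (remaining < sizeof(*event))
			break;	/* no room left for another event header */

		/* Normal terminator: check it before the length tests so it is not reported. */
		if (event->type == ELOG_TYPE_EOL)
			break;

		if (event->length <= sizeof(*event)
		    || event->length > ELOG_MAX_EVENT_SIZE
		    || event->length > remaining) {
			fprintf(stderr, "Malformed event length, stopping before end of log\n");
			break;
		}
		// … unchanged: eventlog_print_event call and the rest of the loop body …
```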