elogtool: Fix potential buffer overrun
BUG=b:239110778 TEST=Make sure that the output of elogtool is unaffected by this change. Signed-off-by: Kapil Porwal <kapilporwal@google.com> Change-Id: Ia1a6341abd834dd9ad5f12c9f2eefb0489364a08 Reviewed-on: https://review.coreboot.org/c/coreboot/+/72099 Reviewed-by: Subrata Banik <subratabanik@google.com> Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
This commit is contained in:
@@ -196,7 +196,11 @@ static int cmd_list(const struct buffer *buf)
|
||||
event = buffer_get(buf) + sizeof(struct elog_header);
|
||||
|
||||
while ((const void *)(event) < buffer_end(buf)) {
|
||||
if (event->type == ELOG_TYPE_EOL || event->length == 0)
|
||||
if (((const void *)event + sizeof(*event)) >= buffer_end(buf)
|
||||
|| event->length <= sizeof(*event)
|
||||
|| event->length > ELOG_MAX_EVENT_SIZE
|
||||
|| ((const void *)event + event->length) >= buffer_end(buf)
|
||||
|| event->type == ELOG_TYPE_EOL)
|
||||
break;
|
||||
|
||||
eventlog_print_event(event, count);
|
||||
|
Reference in New Issue
Block a user