> -----Original Message-----
> From: Patrick Georgi [mailto:[email protected]]
> Sent: Saturday, April 25, 2009 7:16 AM
> To: Myles Watson
> Cc: [email protected]
> Subject: Re: [coreboot] [PATCH] more intelligent cbfs walker
>
> On 25.04.2009 15:06, Myles Watson wrote:
> > OK. I think that would be more clear if we tested foffset. How about
> > if (foffset == 0) /* Invalid CBFS entry that would cause an infinite loop */
> > return NULL;
> >
> > Or we could just test foffset when we test the magic number.
>
> The problem is that we can't trust _anything_ in that array: there's no
> final entry in the chain, so the data after that is garbage.
> You still have an endless loop for (foffset == 4) && (flen == -4)
> We could do
> if (foffset + flen == 0) return NULL;
> but I wonder why we shouldn't just do the full test then, with some
> comment to the same effect as yours above.
I can see your point, but the CBFS design assumes that CBFS magic is sufficient. We know how large the file system is, and any entry inside it was created by a CBFS tool.

If we really want to be paranoid, you need to check that offset > oldoffset so that you don't get a negative foffset.

Myles

--
coreboot mailing list: [email protected]
http://www.coreboot.org/mailman/listinfo/coreboot
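The "full test" Patrick argues for, written out as an added example (this is not coreboot's cbfs walker and not code from either poster). The header layout, the big-endian field encoding and the 16-byte entry alignment are assumptions modelled loosely on a CBFS file header, and the images being walked are constructed in the code. The point it shows is that a single bounds test on the header fields, done by subtracting from the space remaining in the image rather than by adding the fields together, rejects all three cases raised in the thread: foffset == 0, foffset == 4 with flen == -4 (the sum wraps to zero), and a payload that runs past the end of the image, so the walker's offset strictly increases and can never loop.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Added example, not coreboot's walker. Header layout is a simplification
 * modelled loosely on a CBFS file header (magic, len, type, checksum, offset;
 * big-endian fields) and is an assumption made for this example. */
#define HDR_MAGIC   "LARCHIVE"
#define HDR_LEN     24u
#define ENTRY_ALIGN 16u

static uint32_t rd32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

static void wr32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Walk the entry chain and count entries. Returns -1 at the first header whose
 * fields cannot be trusted instead of following it. Every check is a comparison
 * against the space remaining in the image, so nothing can wrap and 'off'
 * strictly increases on every iteration. */
static int count_entries(const uint8_t *rom, size_t size)
{
    size_t off = 0;
    int count = 0;

    while (off + HDR_LEN <= size) {
        /* No magic: end of the chain (or garbage after the last entry). */
        if (memcmp(rom + off, HDR_MAGIC, 8) != 0)
            break;

        uint32_t flen    = rd32(rom + off + 8);   /* payload length */
        uint32_t foffset = rd32(rom + off + 20);  /* header start -> payload */

        /* Full test: the payload must start after this header and end inside
         * the image. foffset == 0 fails the first comparison; foffset == 4 with
         * flen == -4 fails both the first and the third, because the check
         * subtracts from 'remaining' instead of computing foffset + flen. */
        size_t remaining = size - off;
        if (foffset < HDR_LEN || foffset > remaining ||
            flen > remaining - foffset)
            return -1;

        count++;
        size_t next = off + foffset + flen;                  /* <= size, no wrap */
        next = (next + ENTRY_ALIGN - 1) & ~(size_t)(ENTRY_ALIGN - 1);
        off = next;  /* strictly greater than off, since foffset >= HDR_LEN > 0 */
    }
    return count;
}

/* Write one constructed header at 'off'. Type and checksum are filler values. */
static void put_header(uint8_t *rom, size_t off, uint32_t flen, uint32_t foffset)
{
    memcpy(rom + off, HDR_MAGIC, 8);
    wr32(rom + off + 8,  flen);
    wr32(rom + off + 12, 0x50);     /* type: constructed filler */
    wr32(rom + off + 16, 0);        /* checksum: not examined by this walker */
    wr32(rom + off + 20, foffset);
}

/* Constructed 256-byte image with two well-formed entries: expect 2. */
int walk_valid_image(void)
{
    uint8_t rom[256];
    memset(rom, 0, sizeof rom);
    put_header(rom, 0,  16, 32);   /* payload 32..48, next header at 48 */
    put_header(rom, 48,  8, 32);   /* payload 80..88, next header aligned to 96 */
    return count_entries(rom, sizeof rom);
}

/* Constructed 256-byte image holding a single header with the given fields. */
static int walk_single(uint32_t flen, uint32_t foffset)
{
    uint8_t rom[256];
    memset(rom, 0, sizeof rom);
    put_header(rom, 0, flen, foffset);
    return count_entries(rom, sizeof rom);
}

int walk_zero_offset(void)     { return walk_single(16, 0); }           /* foffset == 0 */
int walk_wrapping_entry(void)  { return walk_single(0xFFFFFFFCu, 4); }  /* 4 + (-4) == 0 */
int walk_oversized_entry(void) { return walk_single(1000, 32); }        /* payload past end */

int main(void)
{
    printf("valid=%d zero=%d wrap=%d oversized=%d\n", walk_valid_image(),
           walk_zero_offset(), walk_wrapping_entry(), walk_oversized_entry());
    return 0;
}
```

Compiled and run on its own, the program reports 2 for the well-formed image and -1 for each of the three malformed single-entry images. The check "offset > oldoffset" suggested above falls out of the same test: because foffset is required to be at least the header size, the next offset is always larger than the current one, without any signed arithmetic being involved.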

