On Tue, 2025-07-01 at 17:51 +0300, Jarkko Sakkinen wrote:
> Repeal and replace tpm_buf_init() and tpm_buf_init_sized() with
> tpm_buf_alloc(), which returns a buffer of memory with the struct
> tpm_buf header at the beginning of the returned buffer. This leaves
> 4090 bytes of free space for the payload.

Shouldn't this be accounted for in tpm_buf_append()? Right now it will let us run off the end of the allocation by six bytes before it signals overflow, because it's checking the final length against PAGE_SIZE, not PAGE_SIZE - sizeof(struct tpm_buf).

I realise this should be an impossible condition in production, but it's useful for debugging, so we should be accurate about it to avoid hard-to-detect bugs.

Regards,

James
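The bound mismatch James describes, as an added example that is not part of this thread or of the kernel's tpm_buf code: a constructed page-sized buffer whose 6-byte header (the field layout is an assumption chosen only to reproduce 4096 - 4090) shares the page with the payload, a predicate modelling the check that compares against PAGE_SIZE, the corrected check against PAGE_SIZE minus the header, and an append routine that uses the corrected bound. The function and type names are this example's own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PAGE_SIZE 4096u

/* Constructed header: three 16-bit fields give the 6 bytes the thread
 * implies (4096 - 4090). The real struct tpm_buf layout is not assumed. */
struct demo_hdr {
    uint16_t length;   /* payload bytes appended so far */
    uint16_t flags;
    uint16_t handles;
};

/* Header followed by payload, all inside one page-sized allocation. */
struct demo_buf {
    struct demo_hdr hdr;
    uint8_t data[];
};

size_t payload_capacity(void)
{
    return PAGE_SIZE - sizeof(struct demo_hdr);   /* 4090 */
}

/* Models the check the review objects to: the payload length is compared
 * against the whole page, ignoring the header that lives in the same page. */
bool flawed_check_accepts(size_t cur_len, size_t add)
{
    return cur_len + add <= PAGE_SIZE;
}

/* Corrected check: the payload may only grow to PAGE_SIZE minus the header. */
bool fixed_check_accepts(size_t cur_len, size_t add)
{
    return cur_len + add <= payload_capacity();
}

/* Bytes that would be written past the allocation if an append passes the
 * flawed check but not the corrected one; 0 when the append actually fits. */
size_t flawed_overrun_bytes(size_t cur_len, size_t add)
{
    if (flawed_check_accepts(cur_len, add) && !fixed_check_accepts(cur_len, add))
        return cur_len + add - payload_capacity();
    return 0;
}

struct demo_buf *demo_buf_alloc(void)
{
    struct demo_buf *b = malloc(PAGE_SIZE);
    if (b)
        memset(&b->hdr, 0, sizeof(b->hdr));
    return b;
}

/* Append using the corrected bound; returns 0 on success, -1 on overflow. */
int demo_buf_append(struct demo_buf *b, const void *src, size_t len)
{
    if (!fixed_check_accepts(b->hdr.length, len))
        return -1;
    memcpy(b->data + b->hdr.length, src, len);
    b->hdr.length = (uint16_t)(b->hdr.length + len);
    return 0;
}

/* Fill the payload exactly, then try one more byte. Returns 1 when the first
 * append succeeds and the second is rejected, 0 otherwise. */
int demo_fill_then_overflow(void)
{
    struct demo_buf *b = demo_buf_alloc();
    if (!b)
        return 0;
    uint8_t *fill = calloc(payload_capacity(), 1);   /* constructed payload */
    if (!fill) {
        free(b);
        return 0;
    }
    int first = demo_buf_append(b, fill, payload_capacity());
    uint8_t one = 0xAA;
    int second = demo_buf_append(b, &one, 1);
    free(fill);
    free(b);
    return first == 0 && second == -1;
}

int main(void)
{
    printf("payload capacity: %zu bytes\n", payload_capacity());
    printf("flawed check accepts a 4096-byte append into an empty buffer: %s\n",
           flawed_check_accepts(0, PAGE_SIZE) ? "yes" : "no");
    printf("bytes past the page that append would write: %zu\n",
           flawed_overrun_bytes(0, PAGE_SIZE));
    printf("corrected append rejects the overflow: %s\n",
           demo_fill_then_overflow() ? "yes" : "no");
    return 0;
}
```

The point the example makes is the one in the reply: when the header is carved out of the same allocation, the overflow check has to be against the payload's share of that allocation, not the allocation's total size, or the last few bytes of header-sized slack silently go past the end before the check fires.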