[coreboot] [coreboot - Bug #496] (New) Missing malloc check in libpayload

Keith Makan Tue, 27 Jun 2023 02:53:32 -0700

Issue #496 has been reported by Keith Makan.

----------------------------------------
Bug #496: Missing malloc check in libpayload
https://ticket.coreboot.org/issues/496


* Author: Keith Makan
* Status: New
* Priority: Normal
* Target version: none
* Start date: 2023-06-27
* Affected versions: 4.21
* Affected hardware: ALL
* Affected OS: ALL
----------------------------------------
libpayload in payload/libpayload/drivers/options.c::get_option_as_string does 
not issue a NULL check against malloc's return code. 
Should there be a NOMEM error this may result in a NULL pointer deref or crash.

The following code extract illustrates the mentioned issue:
`
int get_option_as_string(const struct nvram_accessor *nvram, struct 
cb_cmos_option_table *option_table, char **dest, const char *name)
{
...

        /* extra byte to ensure 0-terminated strings */
        raw = malloc(cmos_length+1);
        memset(raw, 0, cmos_length+1); <--- no check against malloc's return 
code
`



-- 
You have received this notification because you have either subscribed to it, 
or are involved in it.
To change your notification preferences, please click here: 
https://ticket.coreboot.org/my/account
_______________________________________________
coreboot mailing list -- [email protected]
To unsubscribe send an email to [email protected]

[coreboot] [coreboot - Bug #496] (New) Missing malloc check in libpayload

Reply via email to