Issue #496 has been updated by Martin Roth.

Category set to Payloads

----------------------------------------
Bug #496: Missing malloc check in libpayload
https://ticket.coreboot.org/issues/496#change-1629

* Author: Keith Makan
* Status: New
* Priority: Normal
* Category: Payloads
* Target version: none
* Start date: 2023-06-27
* Affected versions: 4.21
* Affected hardware: ALL
* Affected OS: ALL
----------------------------------------
libpayload in payload/libpayload/drivers/options.c::get_option_as_string does 
not issue a NULL check against malloc's return code. 
Should there be a NOMEM error this may result in a NULL pointer deref or crash.

The following code extract illustrates the mentioned issue:
`
int get_option_as_string(const struct nvram_accessor *nvram,
                         struct cb_cmos_option_table *option_table,
                         char **dest, const char *name)
{
...

        /* extra byte to ensure 0-terminated strings */
        raw = malloc(cmos_length+1);
        memset(raw, 0, cmos_length+1); /* <--- no check against malloc's return code */
`



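The pattern reported above, shown with the allocation checked before `memset()` (an added example, not part of the ticket and not libpayload's code). The allocator hook, `fake_cmos_read`, the function name and the 0/1 return convention are assumptions made so the out-of-memory path can be exercised on a host machine.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical allocator hook: lets a test inject an allocation failure. */
typedef void *(*alloc_fn)(size_t);

static void *failing_alloc(size_t n) { (void)n; return NULL; }

/* Constructed stand-in for reading the option bytes from CMOS. */
static void fake_cmos_read(char *dst, size_t len) { memset(dst, 'A', len); }

/* Checked variant of the malloc/memset sequence from the report.
 * Returns 0 on success, 1 on failure (assumed convention). */
int option_as_string_checked(alloc_fn alloc, size_t cmos_length, char **dest)
{
    char *raw;

    if (dest == NULL)
        return 1;
    *dest = NULL;                 /* never leave a stale pointer on failure */

    if (cmos_length == SIZE_MAX)  /* cmos_length + 1 would wrap to 0 */
        return 1;

    /* extra byte to ensure 0-terminated strings */
    raw = alloc(cmos_length + 1);
    if (raw == NULL)
        return 1;                 /* NOMEM: report it, do not touch raw */

    memset(raw, 0, cmos_length + 1);
    fake_cmos_read(raw, cmos_length);
    *dest = raw;
    return 0;
}

int main(void)
{
    char *s = NULL;
    int oom = option_as_string_checked(failing_alloc, 8, &s); /* injected NOMEM */
    int ok = option_as_string_checked(malloc, 4, &s);         /* normal path */
    free(s);
    return (oom == 1 && ok == 0) ? 0 : 1;
}
```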