The test of the UEFI LocateHandleBuffer() function clears a returned buffer
at some point to reuse it, but there is an error in the size computation,
which leads to a buffer overflow; fix it.
Fixes: 927ca890b09f ("efi_selftest: test protocol management")
Signed-off-by: Vincent Stehlé <[email protected]>
Cc: Heinrich Schuchardt <[email protected]>
Cc: Ilias Apalodimas <[email protected]>
Cc: Tom Rini <[email protected]>
---
lib/efi_selftest/efi_selftest_manageprotocols.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/efi_selftest/efi_selftest_manageprotocols.c
b/lib/efi_selftest/efi_selftest_manageprotocols.c
index 097b2ae3545..ccffa59095d 100644
--- a/lib/efi_selftest/efi_selftest_manageprotocols.c
+++ b/lib/efi_selftest/efi_selftest_manageprotocols.c
@@ -241,7 +241,7 @@ static int execute(void)
return EFI_ST_FAILURE;
}
/* Clear the buffer, we are reusing it it the next step. */
- boottime->set_mem(buffer, sizeof(efi_handle_t) * buffer_size, 0);
+ boottime->set_mem(buffer, sizeof(efi_handle_t) * count, 0);
/*
* Test LocateHandle with ByProtocol
--
2.51.0
