On Thu Feb 19, 2026 at 8:43 PM EET, Vincent Stehlé wrote:
> The test of the UEFI LocateHandleBuffer() function clears a returned buffer
> at some point to reuse it, but there is an error in the size computation,
> which leads to a buffer overflow; fix it.
>
> Fixes: 927ca890b09f ("efi_selftest: test protocol management")
> Signed-off-by: Vincent Stehlé <[email protected]>
> Cc: Heinrich Schuchardt <[email protected]>
> Cc: Ilias Apalodimas <[email protected]>
> Cc: Tom Rini <[email protected]>
> ---Reviewed-by: Ilias Apalodimas <[email protected]> > lib/efi_selftest/efi_selftest_manageprotocols.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/lib/efi_selftest/efi_selftest_manageprotocols.c > b/lib/efi_selftest/efi_selftest_manageprotocols.c > index 097b2ae3545..ccffa59095d 100644 > --- a/lib/efi_selftest/efi_selftest_manageprotocols.c > +++ b/lib/efi_selftest/efi_selftest_manageprotocols.c > @@ -241,7 +241,7 @@ static int execute(void) > return EFI_ST_FAILURE; > } > /* Clear the buffer, we are reusing it it the next step. */ > - boottime->set_mem(buffer, sizeof(efi_handle_t) * buffer_size, 0); > + boottime->set_mem(buffer, sizeof(efi_handle_t) * count, 0); > > /* > * Test LocateHandle with ByProtocol
