From 361a5c095262adc139f0d7504fb25e1215eebc8f Mon Sep 17 00:00:00 2001 From: Nico Huber Date: Thu, 26 Nov 2020 13:35:09 +0100 Subject: [PATCH] spi/flashconsole: Fix internal buffer overflow MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Once the console's FMAP region is full, we stop clearing the line buffer and `line_offset` is not reset anymore. Hence, sanity check `line_offset` everytime before writing to the buffer. The issue resulted in boot hangs and potentially a brick if the log was very verbose. Change-Id: I36e9037d7baf8c1ed8b2d0c120bfffa58c089c95 Signed-off-by: Nico Huber Reviewed-on: https://review.coreboot.org/c/coreboot/+/48074 Reviewed-by: Paul Menzel Reviewed-by: Michael Niewöhner Reviewed-by: Angel Pons Tested-by: build bot (Jenkins) --- src/drivers/spi/flashconsole.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/drivers/spi/flashconsole.c b/src/drivers/spi/flashconsole.c index 654177f6d3..d5c4382101 100644 --- a/src/drivers/spi/flashconsole.c +++ b/src/drivers/spi/flashconsole.c @@ -75,7 +75,8 @@ void flashconsole_tx_byte(unsigned char c) size_t region_size = region_device_sz(rdev_ptr); - line_buffer[line_offset++] = c; + if (line_offset < LINE_BUFFER_SIZE) + line_buffer[line_offset++] = c; if (line_offset >= LINE_BUFFER_SIZE || offset + line_offset >= region_size || c == '\n') {
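Review bot: The new `if (line_offset < LINE_BUFFER_SIZE)` guard in flashconsole_tx_byte() stops the out-of-bounds write but does not address the state that causes it. Per the commit message, `line_offset` is no longer reset once the FMAP region is full, so it stays at LINE_BUFFER_SIZE. From then on every byte is silently dropped, and the unchanged `line_offset >= LINE_BUFFER_SIZE` test right below is true on every call, so the flush branch is entered once per character. Consider resetting `line_offset` where the region-full case is detected, or returning early at the top of the function when the region is already full, so the index cannot sit at the limit. Please also add a short comment at the guard naming the region-full case, since nothing in the surrounding lines explains how the index can reach LINE_BUFFER_SIZE before the flush check runs.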