From 361a5c095262adc139f0d7504fb25e1215eebc8f Mon Sep 17 00:00:00 2001
From: Nico Huber <nico.huber@secunet.com>
Date: Thu, 26 Nov 2020 13:35:09 +0100
Subject: [PATCH] spi/flashconsole: Fix internal buffer overflow
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Once the console's FMAP region is full, we stop clearing the line
buffer and `line_offset` is not reset anymore. Hence, sanity check
`line_offset` everytime before writing to the buffer.

The issue resulted in boot hangs and potentially a brick if the
log was very verbose.

Change-Id: I36e9037d7baf8c1ed8b2d0c120bfffa58c089c95
Signed-off-by: Nico Huber <nico.huber@secunet.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/48074
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Michael Niewöhner <foss@mniewoehner.de>
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
---
 src/drivers/spi/flashconsole.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/drivers/spi/flashconsole.c b/src/drivers/spi/flashconsole.c
index 654177f6d3..d5c4382101 100644
--- a/src/drivers/spi/flashconsole.c
+++ b/src/drivers/spi/flashconsole.c
@@ -75,7 +75,8 @@ void flashconsole_tx_byte(unsigned char c)
 
 	size_t region_size = region_device_sz(rdev_ptr);
 
-	line_buffer[line_offset++] = c;
+	if (line_offset < LINE_BUFFER_SIZE)
+		line_buffer[line_offset++] = c;
 
 	if (line_offset >= LINE_BUFFER_SIZE ||
 	    offset + line_offset >= region_size || c == '\n') {