From 7f5f9331d1c8bc6012b4179018079e1b6aedc665 Mon Sep 17 00:00:00 2001 From: Philipp Bartsch Date: Fri, 15 May 2020 07:17:46 +0200 Subject: [PATCH] util/cbfstool: fix buffer over-read Fix unterminated array. When looking for a type not specified in filetypes (cbfs.h:204), the loop in lookup_name_by_type (cbfs_image.c:60) will run into a buffer over-read. Found-by: AFL++ 2.64d rev 1317433 Signed-off-by: Philipp Bartsch Change-Id: Ib82bb92e82b09fa1e26b9ca34529ec7b98e8f7b1 Reviewed-on: https://review.coreboot.org/c/coreboot/+/41421 Reviewed-by: Julius Werner Reviewed-by: Paul Menzel Tested-by: build bot (Jenkins) --- util/cbfstool/cbfs.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/util/cbfstool/cbfs.h b/util/cbfstool/cbfs.h index 421f0bc703..e58dfae009 100644 --- a/util/cbfstool/cbfs.h +++ b/util/cbfstool/cbfs.h @@ -210,7 +210,8 @@ static struct typedesc_t filetypes[] unused = { {CBFS_COMPONENT_EFI, "efi"}, {CBFS_COMPONENT_STRUCT, "struct"}, {CBFS_COMPONENT_DELETED, "deleted"}, - {CBFS_COMPONENT_NULL, "null"} + {CBFS_COMPONENT_NULL, "null"}, + {0, NULL} }; static const struct typedesc_t types_cbfs_hash[] unused = {