From f2ba2d9421744eb31e4001f448ad02593dd82883 Mon Sep 17 00:00:00 2001 From: Jacob Garber Date: Tue, 2 Jul 2019 10:50:10 -0600 Subject: [PATCH] arch/x86: Use ssize_t to store length size_t is the wrong type to store the return value of acpi_device_path_fill(), since any negative error values will be converted to a very large unsigned integer and potentially cause buffer overflow. Change-Id: Ia8ed62ecfac8eaa18a61545bd203b3c7a7cd9ca5 Signed-off-by: Jacob Garber Found-by: Coverity CID 1402095 Reviewed-on: https://review.coreboot.org/c/coreboot/+/33962 Tested-by: build bot (Jenkins) Reviewed-by: HAOUAS Elyes Reviewed-by: Paul Menzel --- src/arch/x86/acpi_device.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/arch/x86/acpi_device.c b/src/arch/x86/acpi_device.c index 57fbc89064..0fb8f3b000 100644 --- a/src/arch/x86/acpi_device.c +++ b/src/arch/x86/acpi_device.c @@ -148,7 +148,7 @@ const char *acpi_device_scope(struct device *dev) const char *acpi_device_path_join(struct device *dev, const char *name) { static char buf[DEVICE_PATH_MAX] = {}; - size_t len; + ssize_t len; if (!dev) return NULL;