Google Git
Sign in
chromium / chromiumos / third_party / em100 / 2372d7a202ec101bcb18fa30eb2bfd199b7d9844
commit2372d7a202ec101bcb18fa30eb2bfd199b7d9844[log] [tgz]
authorStefan Reinauer <stefan.reinauer@coreboot.org>Sat Oct 10 10:46:45 2015
committerStefan Reinauer <stefan.reinauer@coreboot.org>Sat Oct 10 12:41:01 2015
tree74211f1791b42bf7bb9649ef6af943b73a5c1dea
parentfba6eb3fa4831aee0b6f567230f20b41e8e18d67 [diff]
Limit data count in read_spi_trace()

We have a buffer size of 8192 bytes, and each packet is 8 bytes long,
so we need to make sure we don't overflow the buffer.

Coverity CID 146720: Untrusted loop bound

An attacker could control the number of times the loop iterates.

In read_spi_trace: An unscrutinzed value from an untrusted source used
as a loop upper bound (CWE-606)

Change-Id: I7b25d7f471b855fb5787554ae47bf04d0a1d7de0
Signed-off-by: Stefan Reinauer <stefan.reinauer@coreboot.org>
Reviewed-on: http://review.coreboot.org/11851
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <pgeorgi@google.com>
1 file changed
tree: 74211f1791b42bf7bb9649ef6af943b73a5c1dea
  1. .gitignore
  2. COPYING
  3. em100.c
  4. em100.h
  5. em100pro_chips.h
  6. firmware.c
  7. fpga.c
  8. hexdump.c
  9. makechips.c
  10. makechips.sh
  11. Makefile
  12. protocol-notes.txt
  13. README
  14. sdram.c
  15. spi.c
  16. system.c
  17. trace.c
  18. usb-protocol.md
  19. usb.c