From: Chris Moore <cmo...@hanoverdisplays.com>
Date: Fri, 7 Feb 2025 15:21:02 +0000
Subject: [psplash][PATCH] psplash.c: fix crash from length becoming
negative
Fixes [Yocto #14806]
If there is an error in read(), it returns -1 but this is just added to
length without checking first. This can lead to a runaway negative
value
for length which eventually crashes when memchr() is called with the
negative value.
The fix is to check the return from read() first and handle the error
state.
Signed-off-by: Chris Moore <cmo...@hanoverdisplays.com>
---
psplash.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/psplash.c b/psplash.c
index ee1af6b..0db0aa4 100644
--- a/psplash.c
+++ b/psplash.c
@@ -140,6 +140,7 @@ psplash_main (PSplashFB *fb, int pipe_fd, int
timeout)
{
int err;
ssize_t length = 0;
+ ssize_t ret = 0;
fd_set descriptors;
struct timeval tv;
char *end;
@@ -170,15 +171,16 @@ psplash_main (PSplashFB *fb, int pipe_fd, int
timeout)
return;
}
- length += read (pipe_fd, end, sizeof(command) - (end -
command));
+ ret = read (pipe_fd, end, sizeof(command) - (end - command));
- if (length == 0)
+ if (ret <= 0)
{
/* Reopen to see if there's anything more for us */
close(pipe_fd);
pipe_fd = open(PSPLASH_FIFO,O_RDONLY|O_NONBLOCK);
goto out;
}
+ length += ret;
cmd = command;
do {
--
2.45.2
Chris Moore
Embedded Software Engineer
@ cmo...@hanoverdisplays.com
T +44 1273 477528
www.hanoverdisplays.comHanover Displays Ltd. Southerham House, Southerham Lane,
Lewes, East Sussex BN8 6JN, UK
Registered in England No: 1876684
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#64753): https://lists.yoctoproject.org/g/yocto/message/64753
Mute This Topic: https://lists.yoctoproject.org/mt/111098996/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
