Re: [yocto] [psplash][PATCH] psplash.c: fix crash from length becoming negative

Mon, 10 Feb 2025 09:38:02 -0800 

On Mon, Feb 10, 2025 at 12:54 AM Chris Moore via
lists.yoctoproject.org
<cmoore=hanoverdisplays....@lists.yoctoproject.org> wrote:
>
> From: Chris Moore <cmo...@hanoverdisplays.com>
> Date: Fri, 7 Feb 2025 15:21:02 +0000
> Subject: [psplash][PATCH] psplash.c: fix crash from length becoming
> negative
>
> Fixes [Yocto #14806]
>
> If there is an error in read(), it returns -1 but this is just added to
> length without checking first. This can lead to a runaway negative
> value
> for length which eventually crashes when memchr() is called with the
> negative value.
>
> The fix is to check the return from read() first and handle the error
> state.
>
> Signed-off-by: Chris Moore <cmo...@hanoverdisplays.com>
> ---
>  psplash.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/psplash.c b/psplash.c
> index ee1af6b..0db0aa4 100644
> --- a/psplash.c
> +++ b/psplash.c
> @@ -140,6 +140,7 @@ psplash_main (PSplashFB *fb, int pipe_fd, int
> timeout)
>  {
>    int            err;
>    ssize_t        length = 0;
> +  ssize_t        ret = 0;
>    fd_set         descriptors;
>    struct timeval tv;
>    char          *end;
> @@ -170,15 +171,16 @@ psplash_main (PSplashFB *fb, int pipe_fd, int
> timeout)
>           return;
>         }
>
> -      length += read (pipe_fd, end, sizeof(command) - (end -
> command));
> +      ret = read (pipe_fd, end, sizeof(command) - (end - command));

good find.  even -Wunused-result would not catch it :)

>
> -      if (length == 0)
> +      if (ret <= 0)
>         {
>           /* Reopen to see if there's anything more for us */
>           close(pipe_fd);
>           pipe_fd = open(PSPLASH_FIFO,O_RDONLY|O_NONBLOCK);
>           goto out;
>         }
> +      length += ret;
>
>        cmd = command;
>        do {
> --
> 2.45.2
>
>
> Chris Moore
>
>
> Embedded Software Engineer
>
>
>
>
>
> @ cmo...@hanoverdisplays.com
> T   +44 1273 477528
>
>
> www.hanoverdisplays.comHanover Displays Ltd. Southerham House, Southerham 
> Lane, Lewes, East Sussex BN8 6JN, UK
>
>
> Registered in England No: 1876684
> 
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#64754): https://lists.yoctoproject.org/g/yocto/message/64754
Mute This Topic: https://lists.yoctoproject.org/mt/111098996/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to