On Mon, 2025-02-10 at 08:53 +0000, Chris Moore via lists.yoctoproject.org wrote:
> From: Chris Moore <cmo...@hanoverdisplays.com>
> Date: Fri, 7 Feb 2025 15:21:02 +0000
> Subject: [psplash][PATCH] psplash.c: fix crash from length becoming
> negative
>
> Fixes [Yocto #14806]
>
> If there is an error in read(), it returns -1 but this is just added to
> length without checking first. This can lead to a runaway negative
> value
> for length which eventually crashes when memchr() is called with the
> negative value.
>
> The fix is to check the return from read() first and handle the error
> state.
>
> Signed-off-by: Chris Moore <cmo...@hanoverdisplays.com>
> ---
> psplash.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/psplash.c b/psplash.c
> index ee1af6b..0db0aa4 100644
> --- a/psplash.c
> +++ b/psplash.c
> @@ -140,6 +140,7 @@ psplash_main (PSplashFB *fb, int pipe_fd, int
> timeout)
> {
> int err;
> ssize_t length = 0;
> + ssize_t ret = 0;
> fd_set descriptors;
> struct timeval tv;
> char *end;
> @@ -170,15 +171,16 @@ psplash_main (PSplashFB *fb, int pipe_fd, int
> timeout)
> return;
> }
>
> - length += read (pipe_fd, end, sizeof(command) - (end -
> command));
> + ret = read (pipe_fd, end, sizeof(command) - (end - command));
>
> - if (length == 0)
> + if (ret <= 0)
> {
> /* Reopen to see if there's anything more for us */
> close(pipe_fd);
> pipe_fd = open(PSPLASH_FIFO,O_RDONLY|O_NONBLOCK);
> goto out;
> }
> + length += ret;
>
> cmd = command;
> do {
The patch came through as line wrapped but I've managed to get it to
apply, thanks for the fix.
Cheers,
Richard
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#64755): https://lists.yoctoproject.org/g/yocto/message/64755
Mute This Topic: https://lists.yoctoproject.org/mt/111098996/21656
Group Owner: yocto+ow...@lists.yoctoproject.org
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
