[flashrom] [PATCH] Fix layout parser bugs
Carl-Daniel Hailfinger
c-d.hailfinger.devel.2006 at gmx.net
Mon Sep 23 18:31:48 CEST 2013
Fix 3 parser bugs, details later. Code now.
Untested, compiles.
Signed-off-by: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006 at gmx.net>
Index: flashrom-parserbugs/layout.c
===================================================================
--- flashrom-parserbugs/layout.c (Revision 1750)
+++ flashrom-parserbugs/layout.c (Arbeitskopie)
@@ -60,30 +60,33 @@
}
while (!feof(romlayout)) {
- char *tstr1, *tstr2;
+ char *tstr1, *tstr2, *tstr3, *tstr4;
if (num_rom_entries >= MAX_ROMLAYOUT) {
msg_gerr("Maximum number of ROM images (%i) in layout "
"file reached.\n", MAX_ROMLAYOUT);
+ fclose(romlayout);
return 1;
}
- if (2 != fscanf(romlayout, "%s %s\n", tempstr, rom_entries[num_rom_entries].name))
- continue;
-#if 0
- // fscanf does not like arbitrary comments like that :( later
- if (tempstr[0] == '#') {
- continue;
+ if (!fgets(tempstr, 256, romlayout)) {
+ printf("Failing fgets without EOF should not happen!\n");
+ break;
}
-#endif
+
tstr1 = strtok(tempstr, ":");
- tstr2 = strtok(NULL, ":");
- if (!tstr1 || !tstr2) {
- msg_gerr("Error parsing layout file. Offending string: \"%s\"\n", tempstr);
+ tstr2 = strtok(NULL, " \t");
+ tstr3 = strtok(NULL, " \t\r\n");
+ tstr4 = strtok(NULL, " \t\r\n");
+ if (!tstr1 || !tstr2 || !tstr3 || tstr4) {
+ msg_gerr("Error parsing layout file. Offending string after parsing: \"%s:%s %s%s\"\n", tstr1 ? : "(null)", tstr2 ? : "(null)", tstr3 ? : "(null)", tstr4 ? "trailing garbage" : "");
fclose(romlayout);
- return 1;
+ return 2;
}
+ printf("strlen(tempstr)=%lu, strlen(name)=%lu\n", strlen(tempstr), strlen(rom_entries[num_rom_entries].name));
rom_entries[num_rom_entries].start = strtol(tstr1, (char **)NULL, 16);
rom_entries[num_rom_entries].end = strtol(tstr2, (char **)NULL, 16);
+ /* strcpy is actually safe here because tstr3 is shorter than 256 bytes because strlen(tempstr)<256. */
+ strcpy(rom_entries[num_rom_entries].name, tstr3);
rom_entries[num_rom_entries].included = 0;
num_rom_entries++;
}
--
http://www.hailfinger.org/
More information about the flashrom
mailing list