author | Jacob Garber <jgarber1@ualberta.ca> | 2019-08-13 14:25:20 -0600 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2019-08-16 04:13:20 +0000 |
commit | 445e371ebc7afaca6be293f43055eae0fbeb67be (patch) | |
tree | ef130b3e82a6bb28b6f02f149ccaae24b8ba63c0 /tests | |
parent | 26c3f19073bac4c01fdbf4e3417e341d235f60ab (diff) | |

tests: Fix off-by-one error in array bounds check

rptr points to an object with rsize number of bytes. If offset + size ==
rsize, then rptr + offset + size will point to one byte past the end of
the object during the memcpy(). Exclude this case by adding it to the
bounds check. We can also remove the offset > rsize check since it is
subsumed in the other one.

BUG=none
TEST=make clean && make runtests
BRANCH=none

Change-Id: Iceda658f420babe61bd1d9807efc8333d2044ccc
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Found-by: Coverity CID 198905
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1752766
Reviewed-by: Joel Kitching <kitching@chromium.org>

Diffstat (limited to 'tests')
-rw-r--r-- | tests/vb2_gbb_tests.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/tests/vb2_gbb_tests.c b/tests/vb2_gbb_tests.c index 92d617aa..4acb328c 100644 --- a/tests/vb2_gbb_tests.c +++ b/tests/vb2_gbb_tests.c @@ -78,7 +78,7 @@ vb2_error_t vb2ex_read_resource(struct vb2_context *c, return VB2_ERROR_EX_READ_RESOURCE_INDEX; } - if (offset > rsize || offset + size > rsize) + if (offset + size >= rsize) return VB2_ERROR_EX_READ_RESOURCE_SIZE; memcpy(buf, rptr + offset, size); |
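
Review bot: the new condition `offset + size >= rsize` rejects a read that is in bounds. The `memcpy(buf, rptr + offset, size)` that follows touches bytes `rptr[offset]` through `rptr[offset + size - 1]`, so when offset + size == rsize the last byte read is `rptr[rsize - 1]`, still inside the object; the one-past-the-end address `rptr + offset + size` is never dereferenced. With `>=`, a caller can no longer read the whole resource (offset 0, size rsize) or its final byte, so the `offset + size > rsize` bound on the removed line looks like the correct one. A second point on the same line: dropping `offset > rsize` is only safe if `offset + size` cannot wrap. The parameter types are not visible in this hunk, but if they are fixed-width unsigned integers, a large offset can make the sum wrap to a small value and pass the check ahead of the memcpy(). Suggest keeping `>` and writing the test in a form that cannot wrap, for example `offset > rsize || size > rsize - offset`, plus a test case that reads exactly rsize bytes from offset 0.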