commit | d0d642450f1f3a0f43e0e156ef57a0c460dd48cf | [log] [tgz] |
---|---|---|
author | David Horstmann <david.horstmann@arm.com> | Mon Jul 26 16:31:42 2021 +0100 |
committer | David Horstmann <david.horstmann@arm.com> | Mon Jul 26 16:42:25 2021 +0100 |
tree | 8f0d28da8f47a6d58363ac5efb2888da40f1b9b6 | |
parent | f98c0bea9c31630fce4895b8ae2fc50e399fe9ec [diff] |
fix(fdt): fix OOB write in uuid parsing function The function read_uuid() zeroes the UUID destination buffer on error. However, it mistakenly uses the dest pointer that has been incremented many times during the parsing, leading to an out-of-bounds write. To fix this, retain a pointer to the start of the buffer, and use this when clearing it instead. Signed-off-by: David Horstmann <david.horstmann@arm.com> Change-Id: Iee8857be5d3f383ca2eab86cde99a43bf606f306