Message ID | 036b2d9feb26fd94e2f80d6fc46ede8c2775e6d8.camel@hanoverdisplays.com |
---|---|
State | New |
Series | psplash.c: fix crash from length becoming negative |
I do apologise - I have the wrong mailing list. I need https://lists.yoctoproject.org/g/yocto - will submit there.

Chris Moore
Embedded Software Engineer
cmoore@hanoverdisplays.com
T +44 1273 477528
www.hanoverdisplays.com
Hanover Displays Ltd. Southerham House, Southerham Lane, Lewes, East Sussex BN8 6JN, UK
Registered in England No: 1876684
Thank you for your submission. Patchtest identified one or more issues with the patch. Please see the log below for more information:

---

Testing patch /home/patchtest/share/mboxes/psplash.c-fix-crash-from-length-becoming-negative.patch

FAIL: test mbox format: Series has malformed diff lines. Create the series again using git-format-patch and ensure it applies using git am (test_mbox.TestMbox.test_mbox_format)

PASS: test Signed-off-by presence (test_mbox.TestMbox.test_signed_off_by_presence)
PASS: test author valid (test_mbox.TestMbox.test_author_valid)
PASS: test commit message presence (test_mbox.TestMbox.test_commit_message_presence)
PASS: test commit message user tags (test_mbox.TestMbox.test_commit_message_user_tags)
PASS: test max line length (test_metadata.TestMetadata.test_max_line_length)
PASS: test non-AUH upgrade (test_mbox.TestMbox.test_non_auh_upgrade)
PASS: test shortlog format (test_mbox.TestMbox.test_shortlog_format)
PASS: test shortlog length (test_mbox.TestMbox.test_shortlog_length)
PASS: test target mailing list (test_mbox.TestMbox.test_target_mailing_list)

SKIP: pretest pylint: Python-unidiff parse error (test_python_pylint.PyLint.pretest_pylint)
SKIP: pretest src uri left files: No modified recipes, skipping pretest (test_metadata.TestMetadata.pretest_src_uri_left_files)
SKIP: test CVE check ignore: No modified recipes or older target branch, skipping test (test_metadata.TestMetadata.test_cve_check_ignore)
SKIP: test CVE tag format: Parse error Unexpected hunk found: @@ -170,15 +171,16 @@ psplash_main (PSplashFB *fb, int pipe_fd, int
SKIP: test Signed-off-by presence: Parse error Unexpected hunk found: @@ -170,15 +171,16 @@ psplash_main (PSplashFB *fb, int pipe_fd, int
SKIP: test Upstream-Status presence: Parse error Unexpected hunk found: @@ -170,15 +171,16 @@ psplash_main (PSplashFB *fb, int pipe_fd, int
SKIP: test bugzilla entry format: No bug ID found (test_mbox.TestMbox.test_bugzilla_entry_format)
SKIP: test lic files chksum modified not mentioned: No modified recipes, skipping test (test_metadata.TestMetadata.test_lic_files_chksum_modified_not_mentioned)
SKIP: test lic files chksum presence: No added recipes, skipping test (test_metadata.TestMetadata.test_lic_files_chksum_presence)
SKIP: test license presence: No added recipes, skipping test (test_metadata.TestMetadata.test_license_presence)
SKIP: test pylint: Python-unidiff parse error (test_python_pylint.PyLint.test_pylint)
SKIP: test series merge on head: Merge test is disabled for now (test_mbox.TestMbox.test_series_merge_on_head)
SKIP: test src uri left files: No modified recipes, skipping pretest (test_metadata.TestMetadata.test_src_uri_left_files)
SKIP: test summary presence: No added recipes, skipping test (test_metadata.TestMetadata.test_summary_presence)

---

Please address the issues identified and submit a new revision of the patch, or alternatively, reply to this email with an explanation of why the patch should be accepted. If you believe these results are due to an error in patchtest, please submit a bug at https://bugzilla.yoctoproject.org/ (use the 'Patchtest' category under 'Yocto Project Subprojects'). For more information on specific failures, see: https://wiki.yoctoproject.org/wiki/Patchtest.

Thank you!
diff --git a/psplash.c b/psplash.c index ee1af6b..0db0aa4 100644 --- a/psplash.c +++ b/psplash.c @@ -140,6 +140,7 @@ psplash_main (PSplashFB *fb, int pipe_fd, int timeout) { int err; ssize_t length = 0; + ssize_t ret = 0; fd_set descriptors; struct timeval tv;
Fixes [Yocto #14806] If there is an error in read(), it returns -1 but this is just added to length without checking first. This can lead to a runaway negative value for length which eventually crashes when memchr() is called with the negative value. The fix is to check the return from read() first and handle the error state. Signed-off-by: Chris Moore <cmoore@hanoverdisplays.com> --- psplash.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) char *end; @@ -170,15 +171,16 @@ psplash_main (PSplashFB *fb, int pipe_fd, int timeout) return; } - length += read (pipe_fd, end, sizeof(command) - (end - command)); + ret = read (pipe_fd, end, sizeof(command) - (end - command)); - if (length == 0) + if (ret <= 0) { /* Reopen to see if there's anything more for us */ close(pipe_fd); pipe_fd = open(PSPLASH_FIFO,O_RDONLY|O_NONBLOCK); goto out; } + length += ret; cmd = command; do { -- 2.45.2 Chris Moore Embedded Software Engineer @ cmoore@hanoverdisplays.com T +44 1273 477528 www.hanoverdisplays.comHanover Displays Ltd. Southerham House, Southerham Lane, Lewes, East Sussex BN8 6JN, UK Registered in England No: 1876684
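
Review bot: in the second hunk, `if (ret <= 0)` sends a read() error and end-of-file down the same close-and-reopen path, and the FIFO is opened with O_NONBLOCK, so a transient failure such as errno EAGAIN or EINTR would also close and reopen the descriptor. Consider handling `ret < 0` on its own branch, checking errno there, and reopening only on EOF or a persistent error. The test also changed from `length == 0` to `ret <= 0`, so an EOF that arrives while earlier bytes are still held in `command` now jumps to `out` where it previously continued to the `cmd = command` loop; the commit message only describes the error case, so it should say whether this change is intended. The result of the `open()` in that branch is still not checked before the next iteration uses `pipe_fd`.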