Chameleon

Chameleon Commit Details

Date:2014-01-07 09:38:56 (10 years 3 months ago)
Author:Chuck Fry
Commit:2313
Parents: 2312
Message:getMemoryInfoString: defend against buffer overruns, change O(n^2) algorithm to O(n)
Changes:
M/branches/chucko/i386/boot2/options.c

File differences

branches/chucko/i386/boot2/options.c
641641
642642
643643
644
645
646
647
644
645
646
647
648
648649
649
650
651
652
653
654
655
656
657
658
659
660
661
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
662666
663667
664668
char *getMemoryInfoString()
{
int i;
MemoryRange *mp = bootInfo->memoryMap;
char *buff = malloc(sizeof(char)*1024);
if(!buff) return 0;
int i, bufflen;
MemoryRange *mp = bootInfo->memoryMap;
char *buff = malloc(sizeof(char)*1024);
if (!buff)
return 0;
char info[] = "BIOS reported memory ranges:\n";
sprintf(buff, "%s", info);
for (i=0; i<bootInfo->memoryMapCount; i++) {
sprintf( buff+strlen(buff), "Base 0x%08x%08x, ",
(unsigned long)(mp->base >> 32),
(unsigned long)(mp->base));
sprintf( buff+strlen(buff), "length 0x%08x%08x, type %d\n",
(unsigned long)(mp->length >> 32),
(unsigned long)(mp->length),
mp->type);
mp++;
}
return buff;
static const char info[] = "BIOS reported memory ranges:\n";
bufflen = sprintf(buff, "%s", info);
for (i = 0;
(i < bootInfo->memoryMapCount) && (bufflen < 1024); /* prevent buffer overflow */
i++) {
bufflen += snprintf(buff+bufflen, 1024-bufflen, "Base 0x%08x%08x, ",
(unsigned long)(mp->base >> 32),
(unsigned long)(mp->base));
bufflen += snprintf(buff+bufflen, 1024-bufflen, "length 0x%08x%08x, type %d\n",
(unsigned long)(mp->length >> 32),
(unsigned long)(mp->length),
mp->type);
mp++;
}
return buff;
}
//==========================================================================

Archive Download the corresponding diff file

Revision: 2313