efi_loader: avoid using unitialized values as console size
If a request for the console size would be answered with a response
with less then three values, uninitialized stack memory would be
copied to the number of rows and columns of the terminal.
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Alexander Graf <agraf@suse.de>
diff --git a/lib/efi_loader/efi_console.c b/lib/efi_loader/efi_console.c
index c09b93d..0bfc24d 100644
--- a/lib/efi_loader/efi_console.c
+++ b/lib/efi_loader/efi_console.c
@@ -60,7 +60,15 @@
.cursor_visible = 1,
};
-static int term_read_reply(int *n, int maxnum, char end_char)
+/*
+ * Receive and parse a reply from the terminal.
+ *
+ * @n: array of return values
+ * @num: number of return values expected
+ * @end_char: character indicating end of terminal message
+ * @return: non-zero indicates error
+ */
+static int term_read_reply(int *n, int num, char end_char)
{
char c;
int i = 0;
@@ -77,7 +85,7 @@
c = getc();
if (c == ';') {
i++;
- if (i >= maxnum)
+ if (i >= num)
return -1;
n[i] = 0;
continue;
@@ -91,6 +99,8 @@
n[i] *= 10;
n[i] += c - '0';
}
+ if (i != num - 1)
+ return -1;
return 0;
}