From: Arvind Sankar <nivedita@alum.mit.edu>
Date: Mon, 18 May 2020 15:07:07 -0400
Subject: efi/printf: Abort on invalid format
Patch-mainline: v5.8-rc1
Git-commit: f97ca2c816748e3b7dee58775632f9e9269071e6
References: jsc#SLE-16407
If we get an invalid conversion specifier, bail out instead of trying to
fix it up. The format string likely has a typo or assumed we support
something that we don't, in either case the remaining arguments won't
match up with the remaining format string.
Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu>
Link: https://lore.kernel.org/r/20200518190716.751506-16-nivedita@alum.mit.edu
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Lee, Chun-Yi <jlee@suse.com>
---
drivers/firmware/efi/libstub/vsprintf.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
--- a/drivers/firmware/efi/libstub/vsprintf.c
+++ b/drivers/firmware/efi/libstub/vsprintf.c
@@ -359,12 +359,13 @@ int vsprintf(char *buf, const char *fmt,
break;
default:
- *str++ = '%';
- if (*fmt)
- *str++ = *fmt;
- else
- --fmt;
- continue;
+ /*
+ * Bail out if the conversion specifier is invalid.
+ * There's probably a typo in the format string and the
+ * remaining specifiers are unlikely to match up with
+ * the arguments.
+ */
+ goto fail;
}
if (*fmt == 'p') {
num = (unsigned long)va_arg(args, void *);
@@ -434,6 +435,7 @@ output:
while (field_width-- > 0)
*str++ = ' ';
}
+fail:
*str = '\0';
va_end(args);