From: Arvind Sankar <nivedita@alum.mit.edu>
Date: Mon, 18 May 2020 15:07:07 -0400
Subject: efi/printf: Abort on invalid format
Patch-mainline: v5.8-rc1
Git-commit: f97ca2c816748e3b7dee58775632f9e9269071e6
References: jsc#SLE-16407

If we get an invalid conversion specifier, bail out instead of trying to
fix it up. The format string likely has a typo or assumed we support
something that we don't, in either case the remaining arguments won't
match up with the remaining format string.

Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu>
Link: https://lore.kernel.org/r/20200518190716.751506-16-nivedita@alum.mit.edu
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Lee, Chun-Yi <jlee@suse.com>
---
 drivers/firmware/efi/libstub/vsprintf.c |   14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

--- a/drivers/firmware/efi/libstub/vsprintf.c
+++ b/drivers/firmware/efi/libstub/vsprintf.c
@@ -359,12 +359,13 @@ int vsprintf(char *buf, const char *fmt,
 			break;
 
 		default:
-			*str++ = '%';
-			if (*fmt)
-				*str++ = *fmt;
-			else
-				--fmt;
-			continue;
+			/*
+			 * Bail out if the conversion specifier is invalid.
+			 * There's probably a typo in the format string and the
+			 * remaining specifiers are unlikely to match up with
+			 * the arguments.
+			 */
+			goto fail;
 		}
 		if (*fmt == 'p') {
 			num = (unsigned long)va_arg(args, void *);
@@ -434,6 +435,7 @@ output:
 		while (field_width-- > 0)
 			*str++ = ' ';
 	}
+fail:
 	*str = '\0';
 
 	va_end(args);