efi/printf: Abort on invalid format

If we get an invalid conversion specifier, bail out instead of trying to
fix it up. The format string likely has a typo or assumed we support
something that we don't, in either case the remaining arguments won't
match up with the remaining format string.

Signed-off-by: Arvind Sankar <nivedita@alum.mit.edu>
Link: https://lore.kernel.org/r/20200518190716.751506-16-nivedita@alum.mit.edu
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>

diff --git a/drivers/firmware/efi/libstub/vsprintf.c b/drivers/firmware/efi/libstub/vsprintf.c
index c09d970..cca6b80 100644 (file)
--- a/drivers/firmware/efi/libstub/vsprintf.c
+++ b/drivers/firmware/efi/libstub/vsprintf.c
@@ -359,12 +359,13 @@ int vsprintf(char *buf, const char *fmt, va_list ap)
                        break;
 
                default:
-                       *str++ = '%';
-                       if (*fmt)
-                               *str++ = *fmt;
-                       else
-                               --fmt;
-                       continue;
+                       /*
+                        * Bail out if the conversion specifier is invalid.
+                        * There's probably a typo in the format string and the
+                        * remaining specifiers are unlikely to match up with
+                        * the arguments.
+                        */
+                       goto fail;
                }
                if (*fmt == 'p') {
                        num = (unsigned long)va_arg(args, void *);
@@ -434,6 +435,7 @@ output:
                while (field_width-- > 0)
                        *str++ = ' ';
        }
+fail:
        *str = '\0';
 
        va_end(args);