From f97ca2c816748e3b7dee58775632f9e9269071e6 Mon Sep 17 00:00:00 2001 From: Arvind Sankar Date: Mon, 18 May 2020 15:07:07 -0400 Subject: [PATCH] efi/printf: Abort on invalid format If we get an invalid conversion specifier, bail out instead of trying to fix it up. The format string likely has a typo or assumed we support something that we don't, in either case the remaining arguments won't match up with the remaining format string. Signed-off-by: Arvind Sankar Link: https://lore.kernel.org/r/20200518190716.751506-16-nivedita@alum.mit.edu Signed-off-by: Ard Biesheuvel --- drivers/firmware/efi/libstub/vsprintf.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/drivers/firmware/efi/libstub/vsprintf.c b/drivers/firmware/efi/libstub/vsprintf.c index c09d970..cca6b80 100644 --- a/drivers/firmware/efi/libstub/vsprintf.c +++ b/drivers/firmware/efi/libstub/vsprintf.c @@ -359,12 +359,13 @@ int vsprintf(char *buf, const char *fmt, va_list ap) break; default: - *str++ = '%'; - if (*fmt) - *str++ = *fmt; - else - --fmt; - continue; + /* + * Bail out if the conversion specifier is invalid. + * There's probably a typo in the format string and the + * remaining specifiers are unlikely to match up with + * the arguments. + */ + goto fail; } if (*fmt == 'p') { num = (unsigned long)va_arg(args, void *); @@ -434,6 +435,7 @@ output: while (field_width-- > 0) *str++ = ' '; } +fail: *str = '\0'; va_end(args); -- 2.7.4