summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorWilliam Wilgus <wilgus.william@gmail.com>2024-06-05 01:03:13 -0400
committerWilliam Wilgus <me.theuser@yahoo.com>2024-06-05 19:13:47 -0400
commite54dedd8df7de98ccbc082afadf977f56ce8259f (patch)
tree6221ea0b4145aab4f1558cc621a119e05e187d29
parent74552d5404e6ada5a37042d8de789784d914a080 (diff)
downloadrockbox-e54dedd8df.tar.gz
rockbox-e54dedd8df.zip
[coverity] fat.c fatlong_parse_entry() buffer overrun, fix warning basisname
BYTES2INT16() uses [i + 0] and [i + 1] therefore 30 is the max element available in the raw byte array of size 32 (((uint32_t)array[pos+0] << 0) | \ ((uint32_t)array[pos+1] << 8)) struct /* raw byte array */ { uint8_t data[32]; }; basisname is only uninitialized in the . and .. dir entries both are likely false positives but cheap enough to guard against Change-Id: Iab3d186fed6050d2d61185071765a2c0feb9515f
-rw-r--r--firmware/drivers/fat.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/firmware/drivers/fat.c b/firmware/drivers/fat.c
index 20c8f2b8e0..ebf0f92798 100644
--- a/firmware/drivers/fat.c
+++ b/firmware/drivers/fat.c
@@ -659,11 +659,14 @@ static inline unsigned int longent_char_next(unsigned int i)
{
switch (i += 2)
{
+ /* flip endian for elements 14 - 27 */
case 26: i -= 1; /* return 28 */
+ /* Fall-Through */
case 11: i += 3; /* return 14 */
}
-
- return i < 32 ? i : 0;
+ /* BYTES2INT16() uses [i + 0] and [i + 1] therefore
+ * 30 is the max element available in the raw byte array of size 32 */
+ return i < 31 ? i : 0;
}
/* initialize the parse state; call before parsing first long entry */
@@ -1708,6 +1711,7 @@ static int add_dir_entry(struct bpb *fat_bpb, struct fat_filestr *parentstr,
int dots = strlcpy(shortname, name, 11);
memset(&shortname[dots], ' ', 11 - dots);
entries_needed = 1;
+ basisname[0] = '\0';
}
else
{