From mboxrd@z Thu Jan  1 00:00:00 1970
From: Laszlo Ersek <lersek@redhat.com>
Subject: Re: [PATCH] lib: Always NUL terminate ucs2_as_utf8
Date: Thu, 21 Apr 2016 18:21:11 +0200
Message-ID: <5718FDF7.4030309@redhat.com>
References: <1461141427-16361-1-git-send-email-chris@chris-wilson.co.uk>
 <5717834C.6070802@redhat.com> <20160421121827.GE2829@codeblueprint.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Return-path: <intel-gfx-bounces@lists.freedesktop.org>
In-Reply-To: <20160421121827.GE2829@codeblueprint.co.uk>
List-Unsubscribe: <https://lists.freedesktop.org/mailman/options/intel-gfx>,
 <mailto:intel-gfx-request@lists.freedesktop.org?subject=unsubscribe>
List-Archive: <https://lists.freedesktop.org/archives/intel-gfx>
List-Post: <mailto:intel-gfx@lists.freedesktop.org>
List-Help: <mailto:intel-gfx-request@lists.freedesktop.org?subject=help>
List-Subscribe: <https://lists.freedesktop.org/mailman/listinfo/intel-gfx>,
 <mailto:intel-gfx-request@lists.freedesktop.org?subject=subscribe>
Errors-To: intel-gfx-bounces@lists.freedesktop.org
Sender: "Intel-gfx" <intel-gfx-bounces@lists.freedesktop.org>
To: Matt Fleming <matt@codeblueprint.co.uk>
Cc: linux-efi@vger.kernel.org, Jason Andryuk <jandryuk@gmail.com>, intel-gfx@lists.freedesktop.org, linux-kernel@vger.kernel.org, Peter Jones <pjones@redhat.com>, Matthew Garrett <mjg59@coreos.com>
List-Id: linux-efi@vger.kernel.org

T24gMDQvMjEvMTYgMTQ6MTgsIE1hdHQgRmxlbWluZyB3cm90ZToKPiAoIEdvb2QgTG9yZCwgSSBo
YXRlIGRvaW5nIHN0cmluZyBtYW5pcHVsYXRpb24gaW4gQyApCj4gCj4gT24gV2VkLCAyMCBBcHIs
IGF0IDAzOjI1OjMyUE0sIExhc3psbyBFcnNlayB3cm90ZToKPj4KPj4gU28sICJsZW4iIGRvZXMg
bm90IGluY2x1ZGUgdGhlIHJvb20gZm9yIHRoZSB0ZXJtaW5hdGluZyBOVUwtYnl0ZSBoZXJlLgo+
PiBXaGVuICJsZW4iIGlzIHBhc3NlZCB0byB1Y3MyX2FzX3V0ZjgoKSwgd2l0aCB0aGUgcHJvcG9z
ZWQgcGF0Y2ggYXBwbGllZCwKPj4gYSBOVUwgYnl0ZSB3aWxsIGJlIHByb2R1Y2VkIGluICJuYW1l
IiwgYnV0IGl0IHdpbGwgYmUgYXQgdGhlIHByaWNlIG9mIGEKPj4gZ2VudWluZSBjaGFyYWN0ZXIg
ZnJvbSB0aGUgaW5wdXQgdmFyaWFibGUgbmFtZS4KPiAKPiBSaWdodCwgYW5kIHRoaXMgaXMgYSBw
cm9ibGVtIGJlY2F1c2Ugd2UncmUgdHJ5aW5nIHRvIGtlZXAgdGhlIG5hbWVzCj4gY29uc2lzdGVu
dCBiZXR3ZWVuIGVmaXZhcmZzIGFuZCB0aGUgRUZJIHZhcmlhYmxlIGRhdGEuIEZvcmNlCj4gTlVM
LXRlcm1pbmF0aW5nIHRoZSBzdHJpbmcgaXMgd3JvbmcsIGJlY2F1c2UgaWYgeW91IGhhdmUgbm8g
cm9vbSBmb3IKPiB0aGUgTlVMIHRoZSBjYWxsZXIgc2hvdWxkIGNoZWNrIGZvciB0aGF0LiBTYWRs
eSBub25lIGRvLgoKSSBkb24ndCB0aGluayBpdCBpcyBuZWNlc3NhcnkgdG8gY2hlY2sgZm9yIHRo
ZSByZXR1cm4gdmFsdWUgaWYgb24gaW5wdXQgdGhlIGNhbGxlciBjYW4gZ3VhcmFudGVlIChmcm9t
IHVjczJfdXRmOHNpemUoKSkgdGhhdCB0aGUgb3V0cHV0IGJ1ZmZlciB3aWxsIGJlIGxhcmdlIGVu
b3VnaC4KCj4gT24gdGhlIGZsaXAtc2lkZSwgcGFzc2luZyBhcm91bmQgbm9uLU5VTCB0ZXJtaW5h
dGVkIHN0cmluZ3MgaXMganVzdAo+IGJlZ2dpbmcgZm9yIHRoZXNlIGtpbmRzIG9mIGlzc3VlcyB0
byBjb21lIHVwLgoKIkRlcGVuZHMiLCBJIGd1ZXNzIDopIE5VTC10ZXJtaW5hdGlvbiBhbmQgKHB0
ciwgbGVuZ3RoKSBib3RoIHdvcmssIGJ1dCB3aGF0ZXZlciBpcyBjaG9zZW4gc2hvdWxkIGJlIHVz
ZWQgY29uc2lzdGVudGx5LgoKSW4gbXkgb3BpbmlvbiwgdGhlIHBhdHRlcm4gdGhlIGNvZGUgdHJp
ZXMgdG8gZm9sbG93IGlzIChwdHIsIGxlbmd0aCksIGFuZCB0aGUgZGlyZWN0IGlzc3VlIGlzIG9u
bHkgdGhhdCB2YXJpYWJsZV9tYXRjaGVzKCkgcGVyZm9ybXMgYW4gb3V0LW9mLWJvdW5kcyBhY2Nl
c3MuCgpXZSBjYW4gY2hhbmdlIHRoZSBwYXR0ZXJuIHRvIE5VTC10ZXJtaW5hdGlvbiwgYnV0IHRo
ZW4gaXQgc2hvdWxkIGJlIGNvbnNpc3RlbnRseSB1c2VkLCBhbmQgSSB0aGluayB2YXJpYWJsZV9t
YXRjaGVzKCkgc2hvdWxkIGJlIGFkYXB0ZWQganVzdCB0aGUgc2FtZS4gV2h5IHBhc3MgaW4gdGhl
IGxlbmd0aCB0byBleGFtaW5lIGlmIHRoZSBzdHJpbmcgaXMgTlVMLXRlcm1pbmF0ZWQsIGd1YXJh
bnRlZWQ/Cgo+IFRoZSBmYWN0IGlzIHRoYXQgdGhlIGNhbGxlcnMgb2YgdWNzMl9hc191dGY4KCkg
YXJlIHBhc3NpbmcgaXQgdGhlCj4gd3JvbmcgJ2xlbicgYXJndW1lbnQuIFdlIHdhbnQgYSBOVUwt
dGVybWluYXRlZCB1dGY4IHN0cmluZwoKTm90IG5lY2Vzc2FyaWx5LiBGb3IgZXhhbXBsZSwgZWZp
dmFyZnNfY2FsbGJhY2soKSBpcyBjb25zdHJ1Y3RpbmcgIm5hbWUiIGluIHNldmVyYWwgc3RlcHMs
IGFuZCB1Y3MyX2FzX3V0ZjgoKSBpcyBqdXN0IHRoZSBmaXJzdCBzdGVwLiBJZiBpdCBwcm9kdWNl
ZCBhICdcMCcgYXQgbmFtZVtsZW5dLCBpdCB3b3VsZCBiZSBvdmVyd3JpdHRlbiBzb29uIGFmdGVy
ICh3aXRoIGEgaHlwaGVuIGNoYXJhY3RlcikuCgpBbHNvLCB0aGUgZWZpdmFyX3ZhcmlhYmxlX2lz
X3JlbW92YWJsZSgpIGZ1bmN0aW9uIHRha2VzICJsZW4iLiBJIHRoaW5rIHRoZSBpbnRlcmZhY2Vz
IGFyZSBjb25zaXN0ZW50LCBpdCdzIGp1c3QgdGhlIHZhcmlhYmxlX21hdGNoZXMoKSBmdW5jdGlv
biB0aGF0IGlzIGJ1Z2d5LgoKQWdhaW4sIEkgZG9uJ3Qgb3Bwb3NlIHN3aXRjaGluZyB0aGUgcGF0
dGVybiB0byBOVUwtdGVybWluYXRpb24gZ2VuZXJhbGx5LCBidXQgdmFyaWFibGVfbWF0Y2hlcygp
IHdpbGwgaGF2ZSB0byBiZSB1cGRhdGVkIGFueXdheS4gSSB0aGluayB0aGF0J3MgdGhlIGZpcnN0
IHN0ZXAsIGFuZCB0aGUgaW50ZXJmYWNlcyBjYW4gYmUgc3dpdGNoZWQgb3ZlciBvbmx5IGFmdGVy
LgoKPiBhbmQgd2UncmUKPiBwYXNzaW5nIGEgTlVMLXRlcm1pbmF0ZWQgdWNzMiBzdHJpbmcuIFdl
IHNob3VsZCB0ZWxsIHVjczJfYXNfdXRmOCgpIGl0Cj4gaGFzIGVub3VnaCByb29tIHRvIGNvcHkg
dGhlIE5VTC4KPiAKPiBXb3VsZG4ndCB0aGlzIHdvcmsgKG1pbnVzIHRoZSByZXR1cm4gdmFsdWUg
Y2hlY2tpbmcpPwo+IAo+IC0tLQo+IAo+IGRpZmYgLS1naXQgYS9kcml2ZXJzL2Zpcm13YXJlL2Vm
aS92YXJzLmMgYi9kcml2ZXJzL2Zpcm13YXJlL2VmaS92YXJzLmMKPiBpbmRleCAwYWM1OTRjMGEy
MzQuLjEzYTgzN2M3MGU5MCAxMDA2NDQKPiAtLS0gYS9kcml2ZXJzL2Zpcm13YXJlL2VmaS92YXJz
LmMKPiArKysgYi9kcml2ZXJzL2Zpcm13YXJlL2VmaS92YXJzLmMKPiBAQCAtMjM1LDEzICsyMzUs
MTIgQEAgZWZpdmFyX3ZhbGlkYXRlKGVmaV9ndWlkX3QgdmVuZG9yLCBlZmlfY2hhcjE2X3QgKnZh
cl9uYW1lLCB1OCAqZGF0YSwKPiAgCXVuc2lnbmVkIGxvbmcgdXRmOF9zaXplOwo+ICAJdTggKnV0
ZjhfbmFtZTsKPiAgCj4gLQl1dGY4X3NpemUgPSB1Y3MyX3V0ZjhzaXplKHZhcl9uYW1lKTsKPiAt
CXV0ZjhfbmFtZSA9IGttYWxsb2ModXRmOF9zaXplICsgMSwgR0ZQX0tFUk5FTCk7Cj4gKwl1dGY4
X3NpemUgPSB1Y3MyX3V0ZjhzaXplKHZhcl9uYW1lKSArIDE7Cj4gKwl1dGY4X25hbWUgPSBrbWFs
bG9jKHV0Zjhfc2l6ZSwgR0ZQX0tFUk5FTCk7Cj4gIAlpZiAoIXV0ZjhfbmFtZSkKPiAgCQlyZXR1
cm4gZmFsc2U7Cj4gIAo+ICAJdWNzMl9hc191dGY4KHV0ZjhfbmFtZSwgdmFyX25hbWUsIHV0Zjhf
c2l6ZSk7Cj4gLQl1dGY4X25hbWVbdXRmOF9zaXplXSA9ICdcMCc7Cj4gIAo+ICAJZm9yIChpID0g
MDsgdmFyaWFibGVfdmFsaWRhdGVbaV0ubmFtZVswXSAhPSAnXDAnOyBpKyspIHsKPiAgCQljb25z
dCBjaGFyICpuYW1lID0gdmFyaWFibGVfdmFsaWRhdGVbaV0ubmFtZTsKPiBAQCAtMjUwLDcgKzI0
OSw3IEBAIGVmaXZhcl92YWxpZGF0ZShlZmlfZ3VpZF90IHZlbmRvciwgZWZpX2NoYXIxNl90ICp2
YXJfbmFtZSwgdTggKmRhdGEsCj4gIAkJaWYgKGVmaV9ndWlkY21wKHZlbmRvciwgdmFyaWFibGVf
dmFsaWRhdGVbaV0udmVuZG9yKSkKPiAgCQkJY29udGludWU7Cj4gIAo+IC0JCWlmICh2YXJpYWJs
ZV9tYXRjaGVzKHV0ZjhfbmFtZSwgdXRmOF9zaXplKzEsIG5hbWUsICZtYXRjaCkpIHsKPiArCQlp
ZiAodmFyaWFibGVfbWF0Y2hlcyh1dGY4X25hbWUsIHV0Zjhfc2l6ZSwgbmFtZSwgJm1hdGNoKSkg
ewo+ICAJCQlpZiAodmFyaWFibGVfdmFsaWRhdGVbaV0udmFsaWRhdGUgPT0gTlVMTCkKPiAgCQkJ
CWJyZWFrOwo+ICAJCQlrZnJlZSh1dGY4X25hbWUpOwoKQXMgSSBzYWlkLCB0aGUgdGhpbmcgSSBk
aXNsaWtlIGFib3V0IHRoaXMgaXM6IHdoeSBwYXNzICJ1dGY4X3NpemUiIHRvIHZhcmlhYmxlX21h
dGNoZXMoKSBhdCBhbGwsIGlmICJ1dGY4X25hbWUiIGlzIGd1YXJhbnRlZWQgdG8gYmUgTlVMLXRl
cm1pbmF0ZWQ/CgpPdGhlcndpc2UsIEkgdGhpbmsgdGhpcyBwYXRjaCBkb2VzIGdldCB0aGUgam9i
IGRvbmUsIHllcy4gKEkgYWxzbyBjaGVja2VkIHRoZSB1Y3MyX2FzX3V0ZjgoKSBjYWxsIGluIGVm
aXZhcl9jcmVhdGVfc3lzZnNfZW50cnkoKSwgImRyaXZlcnMvZmlybXdhcmUvZWZpL2VmaXZhcnMu
YyIsIGJ1dCB0aGVyZSB0aGUgYnVmZmVyIGFscmVhZHkgaGFzIGVub3VnaCByb29tIGZvciAnXDAn
LikKCi4uLiBIb3cgYWJvdXQgdGhpcyBpbnN0ZWFkPwoKPiBGcm9tIDE2ODRmNDM5OGI4NDk4YWYx
MzVmYjNlMDdmODM2MTRlZjA0MjMyNjUgTW9uIFNlcCAxNyAwMDowMDowMCAyMDAxCj4gRnJvbTog
TGFzemxvIEVyc2VrIDxsZXJzZWtAcmVkaGF0LmNvbT4KPiBEYXRlOiBUaHUsIDIxIEFwciAyMDE2
IDE4OjA4OjMxICswMjAwCj4gU3ViamVjdDogW1BBVENIXSBlZmk6IGZpeCBvdXQtb2YtYm91bmRz
IHJlYWQgaW4gdmFyaWFibGVfbWF0Y2hlcygpCj4KPiBUaGUgdmFyaWFibGVfbWF0Y2hlcygpIGZ1
bmN0aW9uIGNhbiBjdXJyZW50bHkgcmVhZCAidmFyX25hbWVbbGVuXSIsIGZvcgo+IGV4YW1wbGUg
d2hlbjoKPiAtIHZhcl9uYW1lWzBdID09ICdhJywKPiAtIGxlbiA9PSAxCj4gLSBtYXRjaF9uYW1l
IHBvaW50cyB0byB0aGUgTlVMLXRlcm1pbmF0ZWQgc3RyaW5nICJhYiIuCj4KPiBUaGlzIGZ1bmN0
aW9uIGlzIHN1cHBvc2VkIHRvIGFjY2VwdCAidmFyX25hbWUiIGlucHV0cyB0aGF0IGFyZSBub3QK
PiBOVUwtdGVybWluYXRlZCAoaGVuY2UgdGhlICJsZW4iIHBhcmFtZXRlciIpLiBEb2N1bWVudCB0
aGUgZnVuY3Rpb24sIGFuZAo+IGFjY2VzcyAidmFyX25hbWVbKm1hdGNoXSIgb25seSBpZiAiKm1h
dGNoIiBpcyBzbWFsbGVyIHRoYW4gImxlbiIuCj4KPiBSZWY6IGh0dHA6Ly90aHJlYWQuZ21hbmUu
b3JnL2dtYW5lLmNvbXAuZnJlZWRlc2t0b3AueG9yZy5kcml2ZXJzLmludGVsLzg2OTA2Cj4gUmVw
b3J0ZWQtYnk6IENocmlzIFdpbHNvbiA8Y2hyaXNAY2hyaXMtd2lsc29uLmNvLnVrPgo+IFNpZ25l
ZC1vZmYtYnk6IExhc3psbyBFcnNlayA8bGVyc2VrQHJlZGhhdC5jb20+Cj4gLS0tCj4gIGRyaXZl
cnMvZmlybXdhcmUvZWZpL3ZhcnMuYyB8IDM3ICsrKysrKysrKysrKysrKysrKysrKysrKysrLS0t
LS0tLS0tLS0KPiAgMSBmaWxlIGNoYW5nZWQsIDI2IGluc2VydGlvbnMoKyksIDExIGRlbGV0aW9u
cygtKQo+Cj4gZGlmZiAtLWdpdCBhL2RyaXZlcnMvZmlybXdhcmUvZWZpL3ZhcnMuYyBiL2RyaXZl
cnMvZmlybXdhcmUvZWZpL3ZhcnMuYwo+IGluZGV4IDBhYzU5NGMwYTIzNC4uMzRiNzQxOTQwNDk0
IDEwMDY0NAo+IC0tLSBhL2RyaXZlcnMvZmlybXdhcmUvZWZpL3ZhcnMuYwo+ICsrKyBiL2RyaXZl
cnMvZmlybXdhcmUvZWZpL3ZhcnMuYwo+IEBAIC0yMDIsMjkgKzIwMiw0NCBAQCBzdGF0aWMgY29u
c3Qgc3RydWN0IHZhcmlhYmxlX3ZhbGlkYXRlIHZhcmlhYmxlX3ZhbGlkYXRlW10gPSB7Cj4gIAl7
IE5VTExfR1VJRCwgIiIsIE5VTEwgfSwKPiAgfTsKPgo+ICsvKgo+ICsgKiBDaGVjayBpZiBAdmFy
X25hbWUgbWF0Y2hlcyB0aGUgcGF0dGVybiBnaXZlbiBpbiBAbWF0Y2hfbmFtZS4KPiArICoKPiAr
ICogQHZhcl9uYW1lOiBhbiBhcnJheSBvZiBAbGVuIG5vbi1OVUwgY2hhcmFjdGVycy4KPiArICog
QG1hdGNoX25hbWU6IGEgTlVMLXRlcm1pbmF0ZWQgcGF0dGVybiBzdHJpbmcsIG9wdGlvbmFsbHkg
ZW5kaW5nIGluICIqIi4gQQo+ICsgKiAgICAgICAgICAgICAgZmluYWwgIioiIGNoYXJhY3RlciBt
YXRjaGVzIGFueSB0cmFpbGluZyBjaGFyYWN0ZXJzIEB2YXJfbmFtZSwKPiArICogICAgICAgICAg
ICAgIGluY2x1ZGluZyB0aGUgY2FzZSB3aGVuIHRoZXJlIGFyZSBub25lIGxlZnQgaW4gQHZhcl9u
YW1lLgo+ICsgKiBAbWF0Y2g6IG9uIG91dHB1dCwgdGhlIG51bWJlciBvZiBub24td2lsZGNhcmQg
Y2hhcmFjdGVycyBpbiBAbWF0Y2hfbmFtZQo+ICsgKiAgICAgICAgIHRoYXQgQHZhcl9uYW1lIG1h
dGNoZXMsIHJlZ2FyZGxlc3Mgb2YgdGhlIHJldHVybiB2YWx1ZS4KPiArICogQHJldHVybjogd2hl
dGhlciBAdmFyX25hbWUgZnVsbHkgbWF0Y2hlcyBAbWF0Y2hfbmFtZS4KPiArICovCj4gIHN0YXRp
YyBib29sCj4gIHZhcmlhYmxlX21hdGNoZXMoY29uc3QgY2hhciAqdmFyX25hbWUsIHNpemVfdCBs
ZW4sIGNvbnN0IGNoYXIgKm1hdGNoX25hbWUsCj4gIAkJIGludCAqbWF0Y2gpCj4gIHsKPiAgCWZv
ciAoKm1hdGNoID0gMDsgOyAoKm1hdGNoKSsrKSB7Cj4gIAkJY2hhciBjID0gbWF0Y2hfbmFtZVsq
bWF0Y2hdOwo+IC0JCWNoYXIgdSA9IHZhcl9uYW1lWyptYXRjaF07Cj4KPiAtCQkvKiBXaWxkY2Fy
ZCBpbiB0aGUgbWF0Y2hpbmcgbmFtZSBtZWFucyB3ZSd2ZSBtYXRjaGVkICovCj4gLQkJaWYgKGMg
PT0gJyonKQo+ICsJCXN3aXRjaCAoYykgewo+ICsJCWNhc2UgJyonOgo+ICsJCQkvKiBXaWxkY2Fy
ZCBpbiBAbWF0Y2hfbmFtZSBtZWFucyB3ZSd2ZSBtYXRjaGVkLiAqLwo+ICAJCQlyZXR1cm4gdHJ1
ZTsKPgo+IC0JCS8qIENhc2Ugc2Vuc2l0aXZlIG1hdGNoICovCj4gLQkJaWYgKCFjICYmICptYXRj
aCA9PSBsZW4pCj4gLQkJCXJldHVybiB0cnVlOwo+ICsJCWNhc2UgJ1wwJzoKPiArCQkJLyogQG1h
dGNoX25hbWUgaGFzIGVuZGVkLiBIYXMgQHZhcl9uYW1lIHRvbz8gKi8KPiArCQkJcmV0dXJuICgq
bWF0Y2ggPT0gbGVuKTsKPgo+IC0JCWlmIChjICE9IHUpCj4gKwkJZGVmYXVsdDoKPiArCQkJLyoK
PiArCQkJICogV2UndmUgcmVhY2hlZCBhIG5vbi13aWxkY2FyZCBjaGFyIGluIEBtYXRjaF9uYW1l
Lgo+ICsJCQkgKiBDb250aW51ZSBvbmx5IGlmIHRoZXJlJ3MgYW4gaWRlbnRpY2FsIGNoYXJhY3Rl
ciBpbgo+ICsJCQkgKiBAdmFyX25hbWUuCj4gKwkJCSAqLwo+ICsJCQlpZiAoKm1hdGNoIDwgbGVu
ICYmIGMgPT0gdmFyX25hbWVbKm1hdGNoXSkKPiArCQkJCWNvbnRpbnVlOwo+ICAJCQlyZXR1cm4g
ZmFsc2U7Cj4gLQo+IC0JCWlmICghYykKPiAtCQkJcmV0dXJuIHRydWU7Cj4gKwkJfQo+ICAJfQo+
IC0JcmV0dXJuIHRydWU7Cj4gIH0KPgo+ICBib29sCj4gLS0KPiAxLjguMy4xCj4KClRoYW5rcwpM
YXN6bG8KCj4gZGlmZiAtLWdpdCBhL2ZzL2VmaXZhcmZzL3N1cGVyLmMgYi9mcy9lZml2YXJmcy9z
dXBlci5jCj4gaW5kZXggZGQwMjlkMTNlYTYxLi5iZTVhMDI3MjFiNDEgMTAwNjQ0Cj4gLS0tIGEv
ZnMvZWZpdmFyZnMvc3VwZXIuYwo+ICsrKyBiL2ZzL2VmaXZhcmZzL3N1cGVyLmMKPiBAQCAtMTM2
LDcgKzEzNiw3IEBAIHN0YXRpYyBpbnQgZWZpdmFyZnNfY2FsbGJhY2soZWZpX2NoYXIxNl90ICpu
YW1lMTYsIGVmaV9ndWlkX3QgdmVuZG9yLAo+ICAJaWYgKCFuYW1lKQo+ICAJCWdvdG8gZmFpbDsK
PiAgCj4gLQl1Y3MyX2FzX3V0ZjgobmFtZSwgZW50cnktPnZhci5WYXJpYWJsZU5hbWUsIGxlbik7
Cj4gKwl1Y3MyX2FzX3V0ZjgobmFtZSwgZW50cnktPnZhci5WYXJpYWJsZU5hbWUsIGxlbiArIDEp
Owo+ICAKPiAgCWlmIChlZml2YXJfdmFyaWFibGVfaXNfcmVtb3ZhYmxlKGVudHJ5LT52YXIuVmVu
ZG9yR3VpZCwgbmFtZSwgbGVuKSkKPiAgCQlpc19yZW1vdmFibGUgPSB0cnVlOwo+IAoKX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KSW50ZWwtZ2Z4IG1haWxp
bmcgbGlzdApJbnRlbC1nZnhAbGlzdHMuZnJlZWRlc2t0b3Aub3JnCmh0dHBzOi8vbGlzdHMuZnJl
ZWRlc2t0b3Aub3JnL21haWxtYW4vbGlzdGluZm8vaW50ZWwtZ2Z4Cg==

From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753184AbcDUQVR (ORCPT <rfc822;w@1wt.eu>);
	Thu, 21 Apr 2016 12:21:17 -0400
Received: from mx1.redhat.com ([209.132.183.28]:59223 "EHLO mx1.redhat.com"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1751897AbcDUQVP (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Thu, 21 Apr 2016 12:21:15 -0400
Subject: Re: [PATCH] lib: Always NUL terminate ucs2_as_utf8
To: Matt Fleming <matt@codeblueprint.co.uk>
References: <1461141427-16361-1-git-send-email-chris@chris-wilson.co.uk>
 <5717834C.6070802@redhat.com> <20160421121827.GE2829@codeblueprint.co.uk>
Cc: Chris Wilson <chris@chris-wilson.co.uk>, Peter Jones <pjones@redhat.com>,
        intel-gfx@lists.freedesktop.org, Jason Andryuk <jandryuk@gmail.com>,
        Matthew Garrett <mjg59@coreos.com>, linux-efi@vger.kernel.org,
        linux-kernel@vger.kernel.org,
        Jani Nikula <jani.nikula@linux.intel.com>
From: Laszlo Ersek <lersek@redhat.com>
Message-ID: <5718FDF7.4030309@redhat.com>
Date: Thu, 21 Apr 2016 18:21:11 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101
 Thunderbird/38.7.2
MIME-Version: 1.0
In-Reply-To: <20160421121827.GE2829@codeblueprint.co.uk>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]); Thu, 21 Apr 2016 16:21:14 +0000 (UTC)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 04/21/16 14:18, Matt Fleming wrote:
> ( Good Lord, I hate doing string manipulation in C )
> 
> On Wed, 20 Apr, at 03:25:32PM, Laszlo Ersek wrote:
>>
>> So, "len" does not include the room for the terminating NUL-byte here.
>> When "len" is passed to ucs2_as_utf8(), with the proposed patch applied,
>> a NUL byte will be produced in "name", but it will be at the price of a
>> genuine character from the input variable name.
> 
> Right, and this is a problem because we're trying to keep the names
> consistent between efivarfs and the EFI variable data. Force
> NUL-terminating the string is wrong, because if you have no room for
> the NUL the caller should check for that. Sadly none do.

I don't think it is necessary to check for the return value if on input the caller can guarantee (from ucs2_utf8size()) that the output buffer will be large enough.

> On the flip-side, passing around non-NUL terminated strings is just
> begging for these kinds of issues to come up.

"Depends", I guess :) NUL-termination and (ptr, length) both work, but whatever is chosen should be used consistently.

In my opinion, the pattern the code tries to follow is (ptr, length), and the direct issue is only that variable_matches() performs an out-of-bounds access.

We can change the pattern to NUL-termination, but then it should be consistently used, and I think variable_matches() should be adapted just the same. Why pass in the length to examine if the string is NUL-terminated, guaranteed?

> The fact is that the callers of ucs2_as_utf8() are passing it the
> wrong 'len' argument. We want a NUL-terminated utf8 string

Not necessarily. For example, efivarfs_callback() is constructing "name" in several steps, and ucs2_as_utf8() is just the first step. If it produced a '\0' at name[len], it would be overwritten soon after (with a hyphen character).

Also, the efivar_variable_is_removable() function takes "len". I think the interfaces are consistent, it's just the variable_matches() function that is buggy.

Again, I don't oppose switching the pattern to NUL-termination generally, but variable_matches() will have to be updated anyway. I think that's the first step, and the interfaces can be switched over only after.

> and we're
> passing a NUL-terminated ucs2 string. We should tell ucs2_as_utf8() it
> has enough room to copy the NUL.
> 
> Wouldn't this work (minus the return value checking)?
> 
> ---
> 
> diff --git a/drivers/firmware/efi/vars.c b/drivers/firmware/efi/vars.c
> index 0ac594c0a234..13a837c70e90 100644
> --- a/drivers/firmware/efi/vars.c
> +++ b/drivers/firmware/efi/vars.c
> @@ -235,13 +235,12 @@ efivar_validate(efi_guid_t vendor, efi_char16_t *var_name, u8 *data,
>  	unsigned long utf8_size;
>  	u8 *utf8_name;
>  
> -	utf8_size = ucs2_utf8size(var_name);
> -	utf8_name = kmalloc(utf8_size + 1, GFP_KERNEL);
> +	utf8_size = ucs2_utf8size(var_name) + 1;
> +	utf8_name = kmalloc(utf8_size, GFP_KERNEL);
>  	if (!utf8_name)
>  		return false;
>  
>  	ucs2_as_utf8(utf8_name, var_name, utf8_size);
> -	utf8_name[utf8_size] = '\0';
>  
>  	for (i = 0; variable_validate[i].name[0] != '\0'; i++) {
>  		const char *name = variable_validate[i].name;
> @@ -250,7 +249,7 @@ efivar_validate(efi_guid_t vendor, efi_char16_t *var_name, u8 *data,
>  		if (efi_guidcmp(vendor, variable_validate[i].vendor))
>  			continue;
>  
> -		if (variable_matches(utf8_name, utf8_size+1, name, &match)) {
> +		if (variable_matches(utf8_name, utf8_size, name, &match)) {
>  			if (variable_validate[i].validate == NULL)
>  				break;
>  			kfree(utf8_name);

As I said, the thing I dislike about this is: why pass "utf8_size" to variable_matches() at all, if "utf8_name" is guaranteed to be NUL-terminated?

Otherwise, I think this patch does get the job done, yes. (I also checked the ucs2_as_utf8() call in efivar_create_sysfs_entry(), "drivers/firmware/efi/efivars.c", but there the buffer already has enough room for '\0'.)

... How about this instead?

> From 1684f4398b8498af135fb3e07f83614ef0423265 Mon Sep 17 00:00:00 2001
> From: Laszlo Ersek <lersek@redhat.com>
> Date: Thu, 21 Apr 2016 18:08:31 +0200
> Subject: [PATCH] efi: fix out-of-bounds read in variable_matches()
>
> The variable_matches() function can currently read "var_name[len]", for
> example when:
> - var_name[0] == 'a',
> - len == 1
> - match_name points to the NUL-terminated string "ab".
>
> This function is supposed to accept "var_name" inputs that are not
> NUL-terminated (hence the "len" parameter"). Document the function, and
> access "var_name[*match]" only if "*match" is smaller than "len".
>
> Ref: http://thread.gmane.org/gmane.comp.freedesktop.xorg.drivers.intel/86906
> Reported-by: Chris Wilson <chris@chris-wilson.co.uk>
> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
> ---
>  drivers/firmware/efi/vars.c | 37 ++++++++++++++++++++++++++-----------
>  1 file changed, 26 insertions(+), 11 deletions(-)
>
> diff --git a/drivers/firmware/efi/vars.c b/drivers/firmware/efi/vars.c
> index 0ac594c0a234..34b741940494 100644
> --- a/drivers/firmware/efi/vars.c
> +++ b/drivers/firmware/efi/vars.c
> @@ -202,29 +202,44 @@ static const struct variable_validate variable_validate[] = {
>  	{ NULL_GUID, "", NULL },
>  };
>
> +/*
> + * Check if @var_name matches the pattern given in @match_name.
> + *
> + * @var_name: an array of @len non-NUL characters.
> + * @match_name: a NUL-terminated pattern string, optionally ending in "*". A
> + *              final "*" character matches any trailing characters @var_name,
> + *              including the case when there are none left in @var_name.
> + * @match: on output, the number of non-wildcard characters in @match_name
> + *         that @var_name matches, regardless of the return value.
> + * @return: whether @var_name fully matches @match_name.
> + */
>  static bool
>  variable_matches(const char *var_name, size_t len, const char *match_name,
>  		 int *match)
>  {
>  	for (*match = 0; ; (*match)++) {
>  		char c = match_name[*match];
> -		char u = var_name[*match];
>
> -		/* Wildcard in the matching name means we've matched */
> -		if (c == '*')
> +		switch (c) {
> +		case '*':
> +			/* Wildcard in @match_name means we've matched. */
>  			return true;
>
> -		/* Case sensitive match */
> -		if (!c && *match == len)
> -			return true;
> +		case '\0':
> +			/* @match_name has ended. Has @var_name too? */
> +			return (*match == len);
>
> -		if (c != u)
> +		default:
> +			/*
> +			 * We've reached a non-wildcard char in @match_name.
> +			 * Continue only if there's an identical character in
> +			 * @var_name.
> +			 */
> +			if (*match < len && c == var_name[*match])
> +				continue;
>  			return false;
> -
> -		if (!c)
> -			return true;
> +		}
>  	}
> -	return true;
>  }
>
>  bool
> --
> 1.8.3.1
>

Thanks
Laszlo

> diff --git a/fs/efivarfs/super.c b/fs/efivarfs/super.c
> index dd029d13ea61..be5a02721b41 100644
> --- a/fs/efivarfs/super.c
> +++ b/fs/efivarfs/super.c
> @@ -136,7 +136,7 @@ static int efivarfs_callback(efi_char16_t *name16, efi_guid_t vendor,
>  	if (!name)
>  		goto fail;
>  
> -	ucs2_as_utf8(name, entry->var.VariableName, len);
> +	ucs2_as_utf8(name, entry->var.VariableName, len + 1);
>  
>  	if (efivar_variable_is_removable(entry->var.VendorGuid, name, len))
>  		is_removable = true;
>