From patchwork Mon Sep 23 16:31:48 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: Fix layout parser bugs Date: Mon, 23 Sep 2013 16:31:48 -0000 From: Carl-Daniel Hailfinger X-Patchwork-Id: 4057 Message-Id: <52406CF4.4030507@gmx.net> To: flashrom Fix 3 parser bugs, details later. Code now. Untested, compiles. Signed-off-by: Carl-Daniel Hailfinger
Index: flashrom-parserbugs/layout.c
===================================================================
--- flashrom-parserbugs/layout.c (Revision 1750)
+++ flashrom-parserbugs/layout.c (Arbeitskopie)
@@ -60,30 +60,33 @@ } while (!feof(romlayout)) { - char *tstr1, *tstr2; + char *tstr1, *tstr2, *tstr3, *tstr4; if (num_rom_entries >= MAX_ROMLAYOUT) { msg_gerr("Maximum number of ROM images (%i) in layout " "file reached.\n", MAX_ROMLAYOUT); + fclose(romlayout); return 1; } - if (2 != fscanf(romlayout, "%s %s\n", tempstr, rom_entries[num_rom_entries].name)) - continue; -#if 0 - // fscanf does not like arbitrary comments like that :( later - if (tempstr[0] == '#') { - continue; + if (!fgets(tempstr, 256, romlayout)) { + printf("Failing fgets without EOF should not happen!\n"); + break; } -#endif + tstr1 = strtok(tempstr, ":"); - tstr2 = strtok(NULL, ":"); - if (!tstr1 || !tstr2) { - msg_gerr("Error parsing layout file. Offending string: \"%s\"\n", tempstr); + tstr2 = strtok(NULL, " \t"); + tstr3 = strtok(NULL, " \t\r\n"); + tstr4 = strtok(NULL, " \t\r\n"); + if (!tstr1 || !tstr2 || !tstr3 || tstr4) { + msg_gerr("Error parsing layout file. Offending string after parsing: \"%s:%s %s%s\"\n", tstr1 ? : "(null)", tstr2 ? : "(null)", tstr3 ? : "(null)", tstr4 ? "trailing garbage" : ""); fclose(romlayout); - return 1; + return 2; } + printf("strlen(tempstr)=%lu, strlen(name)=%lu\n", strlen(tempstr), strlen(rom_entries[num_rom_entries].name)); rom_entries[num_rom_entries].start = strtol(tstr1, (char **)NULL, 16); rom_entries[num_rom_entries].end = strtol(tstr2, (char **)NULL, 16); + /* strcpy is actually safe here because tstr3 is shorter than 256 bytes because strlen(tempstr)<256. */ + strcpy(rom_entries[num_rom_entries].name, tstr3); rom_entries[num_rom_entries].included = 0; num_rom_entries++; }
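Review bot: The new `strcpy(rom_entries[num_rom_entries].name, tstr3)` is bounded only by the literal 256 passed to `fgets`, so the comment's safety argument holds only if `tempstr` and `name` are both at least 256 bytes, and neither declaration is visible in this hunk (the enclosing function starts above it). If `tempstr` is an array, I would tie the bounds to the objects with `fgets(tempstr, sizeof(tempstr), romlayout)` and reject the entry when `strlen(tstr3) >= sizeof(rom_entries[num_rom_entries].name)` before copying. A line longer than the buffer is also split silently by `fgets`, so its tail is parsed as a separate entry; since these ranges select flash regions, a line that arrives without a trailing newline before EOF should be treated as a parse error. With `while (!feof(romlayout))`, a file ending in a newline makes `fgets` return NULL on the final pass, so the "should not happen" message fires on ordinary input; check `feof()` after the failed read before printing it. The added debug `printf` reads `name` before the `strcpy` fills it and passes `size_t` to `%lu`; it should be dropped or use `%zu`.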