console: file should always be non-negative

We use the parameter file in console functions to choose from an array
after checking against MAX_FILES but we never check if the value of file
is negative.

Running ./u-boot -T -l and issuing the poweroff command has resulted in
crashes because os_exit() results in std::ostream::flush() calling U-Boot's
fflush with file being a pointer which when converted to int may be
represented by a negative number.

This shows that checking against MAX_FILES is not enough. We have to ensure
that the file argument is always non-negative.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Heinrich Schuchardt
2022-10-22 11:32:34 +02:00
parent a32f6341cc
commit 27380d885d


@@ -497,7 +497,7 @@ int serial_printf(const char *fmt, ...)
int fgetc(int file) int fgetc(int file)
{ {
if (file < MAX_FILES) { if ((unsigned int)file < MAX_FILES) {
/* /*
* Effectively poll for input wherever it may be available. * Effectively poll for input wherever it may be available.
*/ */
@@ -530,7 +530,7 @@ int fgetc(int file)
int ftstc(int file) int ftstc(int file)
{ {
if (file < MAX_FILES) if ((unsigned int)file < MAX_FILES)
return console_tstc(file); return console_tstc(file);
return -1; return -1;
@@ -538,20 +538,20 @@ int ftstc(int file)
void fputc(int file, const char c) void fputc(int file, const char c)
{ {
if (file < MAX_FILES) if ((unsigned int)file < MAX_FILES)
console_putc(file, c); console_putc(file, c);
} }
void fputs(int file, const char *s) void fputs(int file, const char *s)
{ {
if (file < MAX_FILES) if ((unsigned int)file < MAX_FILES)
console_puts(file, s); console_puts(file, s);
} }
#ifdef CONFIG_CONSOLE_FLUSH_SUPPORT #ifdef CONFIG_CONSOLE_FLUSH_SUPPORT
void fflush(int file) void fflush(int file)
{ {
if (file < MAX_FILES) if ((unsigned int)file < MAX_FILES)
console_flush(file); console_flush(file);
} }
#endif #endif
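Review bot: The `(unsigned int)file < MAX_FILES` test is now repeated in fgetc, ftstc, fputc, fputs and fflush with no comment saying that the cast is what rejects negative values, so a later cleanup could drop it or a new accessor could be added without it. Keeping the bound in one documented helper would avoid that, e.g. `static inline bool console_file_valid(int file) { return file >= 0 && file < MAX_FILES; }`, with each caller using `if (console_file_valid(file))`. Separately, fputc, fputs and fflush still drop an out-of-range file silently, so the stray fflush call described in the commit message is hidden rather than reported, and a pointer value that happens to convert to a small non-negative int would still pass the check. A debug-level message on the rejected path would make such callers visible. fgetc's body continues past the end of its hunk.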