Source: efivar
Version: 37
Severity: important

Dear Maintainer,
the efivar source package contains buggy diagnostics printing code, which may corrupt the stack and cause crashes.

The culprit is the arrow() macro defined in src/util.h, which pokes a couple of ^ characters into a buffer consisting of spaces, in order to point out the interesting parts of an output string appearing on the previous line. The string indexing done by the macro may result in ^ or space characters being written outside of the allocated buffer, and since the buffer is typically allocated on the stack, this may corrupt control flow as well as other data.

I have reported the issue here: https://github.com/rhboot/efivar/issues/124

Since we can drop this feature without any loss of functionality, the patch below is my proposed solution for the time being, while the issue gets addressed upstream.

--- src/util.h.orig 2019-02-19 12:05:56.620746098 +0100 +++ src/util.h 2019-02-19 12:06:06.265005068 +0100 @@ -379,7 +379,7 @@ #undef log #endif #define log(level, fmt, args...) log_(__FILE__, __LINE__, __func__, level, fmt, ## args) -#define arrow(l,b,o,p,n,m) ({if(n==m){char c_=b[p+1]; b[o]='^'; b[p+o]='^';b[p+o+1]='\0';log(l,"%s",b);b[o]=' ';b[p+o]=' ';b[p+o+1]=c_;}}) +#define arrow(l,b,o,p,n,m) #define debug(fmt, args...) log(LOG_DEBUG, fmt, ## args) #endif /* EFIVAR_UTIL_H */

-- System Information:
Debian Release: 9.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: arm64 (aarch64)
Foreign Architectures: armhf

Kernel: Linux 4.20.10+ (SMP w/8 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
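
Review bot: on the added `+#define arrow(l,b,o,p,n,m)` line the macro now expands to nothing, so none of its six arguments is evaluated at the call sites any more; a variable that exists only to feed arrow() becomes unused, which breaks the build if unused-variable warnings are treated as errors. A no-op that still references the arguments, for example `do { (void)(b); (void)(o); (void)(p); } while (0)`, avoids that and keeps each call a single statement. It would also help to add a comment next to the stub pointing at the upstream issue so the reason for the empty definition is not lost. For the upstream fix, note that the removed line reads `c_=b[p+1]` but writes it back with `b[p+o+1]=c_`, so the byte replaced by '\0' is only restored correctly when o is 0, independent of the bounds problem.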
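
The out-of-bounds indexing described in the report can be avoided by checking both offsets against the buffer size before anything is written. The following is an added example, not code from the report or from efivar: `arrow_line()` and its parameters are hypothetical, and the sample text in `main()` is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * arrow_line() is a hypothetical helper, not part of efivar. It builds the
 * marker line ("   ^    ^") in a caller-supplied buffer instead of patching a
 * shared buffer in place, and refuses any offset the buffer cannot hold.
 *
 *   out, out_size  destination buffer and its size in bytes
 *   o              column of the first '^'    (the macro's `o`)
 *   p              distance to the second '^' (the macro's `p`)
 *
 * Returns 0 on success, -1 if the markers or the NUL would not fit; on
 * failure `out` is left untouched. A negative int converted to size_t
 * becomes a very large value and is rejected by the same checks.
 */
static int arrow_line(char *out, size_t out_size, size_t o, size_t p)
{
    if (out == NULL || o >= out_size)
        return -1;
    /* Highest index written is o + p + 1 (the NUL). Compare by subtraction
     * so that a huge o or p cannot wrap around size_t. */
    if (p >= out_size - o - 1)
        return -1;

    memset(out, ' ', o + p);
    out[o] = '^';
    out[o + p] = '^';
    out[o + p + 1] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample: mark "Boot0001", which starts at column 4 and
     * is 8 characters long, so the second marker is 7 columns further. */
    const char *text = "var Boot0001 = ...";
    char marks[32];

    puts(text);
    if (arrow_line(marks, sizeof(marks), 4, 7) == 0)
        puts(marks);
    else
        fputs("marker does not fit, skipped\n", stderr);
    return 0;
}
```
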