acpi-phat: Prevent a corrupt PHAT table from allocating ~4GB of memory

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35761
2025-08-11 04:30:56 +00:00 · 2021-07-02 19:51:54 +01:00 · 2021-07-02 19:51:54 +01:00 · a5de6f0248
commit a5de6f0248
parent 24eec8c533
1 changed files with 8 additions and 0 deletions
--- a/plugins/acpi-phat/fu-acpi-phat-health-record.c
+++ b/plugins/acpi-phat/fu-acpi-phat-health-record.c
@ -88,6 +88,14 @@ fu_acpi_phat_health_record_parse (FuFirmware *firmware,
 		} else {
 			ubufsz = dataoff - 28;
 		}
+		if (ubufsz > bufsz) {
+			g_set_error (error,
+				     G_IO_ERROR,
+				     G_IO_ERROR_INVALID_DATA,
+				     "device path too large: 0x%x",
+				     (guint) ubufsz);
+			return FALSE;
+		}

 		/* check this is an even number of bytes */
 		if (ubufsz % 2 != 0) {