util/nvmutil: abort if I/O len exceeds SSIZE_MAX

in rw_file_exact otherwise, if length exceeds SSIZE_MAX, we could hit an overflow the buffers and lengths we deal with are relatively small anyway, so this fix is preventative Signed-off-by: Leah Rowe <leah@libreboot.org>
author: Leah Rowe <leah@libreboot.org> 2026-03-10 05:33:12 +0000
committer: Leah Rowe <leah@libreboot.org> 2026-03-10 05:33:12 +0000
commit: 9747ca415125e3193e0df7a6bac1bbdab259379c (patch)
tree: b749800e2fede64bbe9c5b3192093eec01d2c3f6 /util/nvmutil/nvmutil.c
parent: 93a4ec3497fe26159204c542f079714e4ae83a0d (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/util/nvmutil/nvmutil.c b/util/nvmutil/nvmutil.c
index a6790f86..160981ad 100644
--- a/util/nvmutil/nvmutil.c
+++ b/util/nvmutil/nvmutil.c
@@ -267,6 +267,10 @@ static const char *mac_str;
 static const char *fname;
 static const char *argv0;
 
+#ifndef SSIZE_MAX
+#define SSIZE_MAX ((ssize_t)((size_t)-1 >> 1))
+#endif
+
 /*
  * Use these for .invert in command[]:
  * If set to 1: read/write inverter (p0->p1, p1->p0)
@@ -1327,6 +1331,10 @@ rw_file_exact(int fd, uint8_t *mem, size_t len,
 		err(EIO, "%s: %s: Bad fd %d", path, rw_type_str, fd);
 	if (!len)
 		err(EIO, "%s: %s: Zero length", path, rw_type_str);
+	if (len > (size_t)SSIZE_MAX)
+		err(EIO,
+		    "%s: %s: Requested length (%zu) exceeds SSIZE_MAX (%zd)",
+		    path, rw_type_str, len, SSIZE_MAX);
 
 	for (rc = 0; rc != (ssize_t)len; rc += rval) {
 		if (rw_type == PSCHREIB)
author	Leah Rowe <leah@libreboot.org>	2026-03-10 05:33:12 +0000
committer	Leah Rowe <leah@libreboot.org>	2026-03-10 05:33:12 +0000
commit	9747ca415125e3193e0df7a6bac1bbdab259379c (patch)
tree	b749800e2fede64bbe9c5b3192093eec01d2c3f6 /util/nvmutil/nvmutil.c
parent	93a4ec3497fe26159204c542f079714e4ae83a0d (diff)