util/nvmutil: safer pointer comparison

technically we're never supposed to do arithmetic on pointers (there's uintptr for that) very anal fix Signed-off-by: Leah Rowe <leah@libreboot.org>
author: Leah Rowe <leah@libreboot.org> 2026-03-14 19:09:34 +0000
committer: Leah Rowe <leah@libreboot.org> 2026-03-14 19:09:34 +0000
commit: feb4db34a25cdbee2ea4ea7896bdede7e82273ba (patch)
tree: bd05ffbacbc73c8da4e284392e6742e980163b07 /util
parent: 48d17cae0f5f3e298cb7b4f1d8b4ca694661734e (diff)
1 files changed, 13 insertions, 4 deletions
diff --git a/util/nvmutil/nvmutil.c b/util/nvmutil/nvmutil.c
index ba3fc29f..c8b8060b 100644
--- a/util/nvmutil/nvmutil.c
+++ b/util/nvmutil/nvmutil.c
@@ -218,6 +218,7 @@ also consider:
 #include <fcntl.h>
 #include <limits.h>
 #include <stdarg.h>
+#include <stddef.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -1800,13 +1801,21 @@ static ssize_t
 rw_gbe_file_exact(int fd, u8 *mem, size_t nrw,
     off_t off, int rw_type)
 {
+	size_t mem_addr;
+	size_t buf_addr;
+	size_t buf_end;
+
 	if (mem == NULL)
 		goto err_rw_gbe_file_exact;
 
-	if (mem != (void *)pad
-	    && mem != (void *)rnum
-	    && (mem < buf || mem >= (buf + GBE_FILE_SIZE)))
-		goto err_rw_gbe_file_exact;
+	mem_addr = (size_t)(void *)mem;
+	buf_addr = (size_t)(void *)buf;
+	buf_end  = buf_addr + GBE_FILE_SIZE;
+
+	if (mem != (void *)pad &&
+	    mem != (void *)rnum &&
+	    (mem_addr < buf_addr || mem_addr >= buf_end))
+	    goto err_rw_gbe_file_exact;
 
 	if (off < 0 || off >= gbe_file_size)
 		goto err_rw_gbe_file_exact;
author	Leah Rowe <leah@libreboot.org>	2026-03-14 19:09:34 +0000
committer	Leah Rowe <leah@libreboot.org>	2026-03-14 19:09:34 +0000
commit	feb4db34a25cdbee2ea4ea7896bdede7e82273ba (patch)
tree	bd05ffbacbc73c8da4e284392e6742e980163b07 /util
parent	48d17cae0f5f3e298cb7b4f1d8b4ca694661734e (diff)