[PATCH master 22/39] efi: fix out-of-bounds read in 1394 device path printing
Ahmad Fatoum
a.fatoum at pengutronix.de
Mon Feb 16 00:44:22 PST 2026
The F1394 device path Guid field is a u64 (8 bytes), but it was printed
with %pUl which expects a 16-byte efi_guid_t pointer. This reads 8
bytes past the field boundary.
Use %016llx to correctly format the u64 value.
Co-Authored-By: Claude Opus 4.6 <noreply at anthropic.com>
Signed-off-by: Ahmad Fatoum <a.fatoum at pengutronix.de>
---
efi/devicepath.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/efi/devicepath.c b/efi/devicepath.c
index 31a509f99e42..bf65325fed8a 100644
--- a/efi/devicepath.c
+++ b/efi/devicepath.c
@@ -242,7 +242,7 @@ dev_path1394(struct string *str, const void *dev_path)
const struct efi_device_path_f1394 *F1394;
F1394 = dev_path;
- cprintf(str, "1394(%pUl)", &F1394->Guid);
+ cprintf(str, "1394(0x%016llx)", F1394->Guid);
}
static void
--
2.47.3
More information about the barebox
mailing list