:: commit e55510f67a888c51fa02e7be8ca4809513dc5c74
lib/config: Fix off-by-one read past end in macro definition skip
diff --git a/common/lib/config.c b/common/lib/config.c
index ee718f81..0d6dbe5a 100644
--- a/common/lib/config.c
+++ b/common/lib/config.c
@@ -488,12 +488,14 @@ skip_loop:
|| (config_size - i >= 2 && i == 0 && memcmp(config_addr, "${", 2) == 0)) {
size_t orig_i = i;
i += i ? 3 : 2;
- while (config_addr[i++] != '}') {
- if (i >= config_size) {
- bad_config = true;
- panic(true, "config: Malformed macro usage");
- }
+ while (i < config_size && config_addr[i] != '}') {
+ i++;
+ }
+ if (i >= config_size) {
+ bad_config = true;
+ panic(true, "config: Malformed macro usage");
}
+ i++; // skip '}'
if (i >= config_size || config_addr[i++] != '=') {
i = orig_i;
goto next;
