Skip to content

patina_internal_collections: Prevent out-of-bounds access in resize() #1243

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
makubacki merged 1 commit into from
Jan 15, 2026
Merged

patina_internal_collections: Prevent out-of-bounds access in resize() #1243

makubacki merged 1 commit into from
Jan 15, 2026

Conversation

@makubacki
Copy link
Collaborator

@makubacki makubacki commented Jan 14, 2026

Description

Add bounds checking before accessing buffer[idx] in Storage::resize().

When resizing to a buffer with no free space (idx >= buffer.len()), set available to null instead of attempting to access out-of-bounds memory.

  • Impacts functionality?
  • Impacts security?
  • Breaking change?
  • Includes tests?
  • Includes documentation?

How This Was Tested

  • Unit tests (cargo make all)
  • patina-qemu boot to EFI shell

Integration Instructions

  • N/A

@makubacki makubacki self-assigned this Jan 14, 2026
@makubacki makubacki added the type:bug Something isn't working label Jan 14, 2026
@github-actions github-actions bot added the impact:testing Affects testing label Jan 14, 2026
@makubacki makubacki mentioned this pull request Jan 14, 2026
Open
5 tasks
@codecov
Copy link

codecov bot commented Jan 14, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@makubacki
patina_internal_collections: Prevent out-of-bounds access in resize()
7f7a058 
Add bounds checking before accessing buffer[idx] in Storage::resize().

When resizing to a buffer with no free space (idx >= buffer.len()),
set available to null instead of attempting to access out-of-bounds
memory.

Signed-off-by: Michael Kubacki <[email protected]>
@makubacki makubacki force-pushed the patina_internal_coll_fix_out_of_bound_access branch from 9ce272e to 7f7a058 Compare January 15, 2026 00:45
@makubacki makubacki enabled auto-merge (squash) January 15, 2026 00:47
@makubacki makubacki merged commit f921e1e into OpenDevicePartnership:main Jan 15, 2026
8 checks passed
@garybeihl
Copy link
Contributor

garybeihl commented Jan 15, 2026

Good catch - there are a couple more out-of-bounds checks needed - I opened a new PR #1247

@makubacki makubacki mentioned this pull request Jan 15, 2026
Open
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Javagedes Javagedes Javagedes approved these changes

@os-d os-d os-d approved these changes

@joschock joschock Awaiting requested review from joschock

Assignees

@makubacki makubacki

Labels

impact:testing Affects testing type:bug Something isn't working

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@makubacki @garybeihl @Javagedes @os-d