If we get an invalid conversion specifier, bail out instead of trying to fix it up. The format string likely has a typo or assumed we support something that we don't, in either case the remaining arguments won't match up with the remaining format string. Signed-off-by: Arvind Sankar <nivedita@xxxxxxxxxxxx> --- drivers/firmware/efi/libstub/vsprintf.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/drivers/firmware/efi/libstub/vsprintf.c b/drivers/firmware/efi/libstub/vsprintf.c index 3352ba394797..7dcbc04498e7 100644 --- a/drivers/firmware/efi/libstub/vsprintf.c +++ b/drivers/firmware/efi/libstub/vsprintf.c @@ -359,12 +359,13 @@ int vsprintf(char *buf, const char *fmt, va_list ap) break; default: - *str++ = '%'; - if (*fmt) - *str++ = *fmt; - else - --fmt; - continue; + /* + * Bail out if the conversion specifier is invalid. + * There's probably a typo in the format string and the + * remaining specifiers are unlikely to match up with + * the arguments. + */ + goto fail; } if (*fmt == 'p') num = (unsigned long)va_arg(args, void *); @@ -433,6 +434,7 @@ int vsprintf(char *buf, const char *fmt, va_list ap) while (field_width-- > 0) *str++ = ' '; } +fail: *str = '\0'; va_end(args); -- 2.26.2
