cbfstool: Make use of spurious null-termination

The null-termination of `filetypes` was added after the code was
written, obviously resulting in NULL dereferences. As some more
code has grown around the termination, it's hard to revert the
regression, so let's update the code that still used the array
length.

This fixes commit 7f5f9331d1 (util/cbfstool: fix buffer over-read)
which actually did fix something, but only one path while it broke
two others. We should be careful with fixes, they can always break
something else. Especially when a dumb tool triggered the patching
it seems likely that fewer people looked into related code.

Change-Id: If2ece1f5ad62952ed2e57769702e318ba5468f0c
Signed-off-by: Nico Huber <nico.huber@secunet.com>
Reviewed-on: https://review.coreboot.org/c/coreboot/+/55763
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>

1 files changed, 4 insertions, 4 deletions

diff --git a/util/cbfstool/common.c b/util/cbfstool/common.c
index e2ed38ffc47f..539d0baccf54 100644
--- a/util/cbfstool/common.c
+++ b/util/cbfstool/common.c
@@ -168,10 +168,10 @@ void print_supported_architectures(void)
 
 void print_supported_filetypes(void)
 {
-	int i, number = ARRAY_SIZE(filetypes);
+	int i;
 
-	for (i=0; i<number; i++) {
-		printf(" %s%c", filetypes[i].name, (i==(number-1))?'\n':',');
+	for (i=0; filetypes[i].name; i++) {
+		printf(" %s%c", filetypes[i].name, filetypes[i + 1].name ? ',' : '\n');
 		if ((i%8) == 7)
 			printf("\n");
 	}
@@ -180,7 +180,7 @@ void print_supported_filetypes(void)
 uint64_t intfiletype(const char *name)
 {
 	size_t i;
-	for (i = 0; i < (sizeof(filetypes) / sizeof(struct typedesc_t)); i++)
+	for (i = 0; filetypes[i].name; i++)
 		if (strcmp(filetypes[i].name, name) == 0)
 			return filetypes[i].type;
 	return -1;