dp.h: check _ucs2size in format_ucs2()

Signed-off-by: Qiumiao Zhang <zhangqiumiao1@huawei.com>

dp_h-check-_ucs2size-in-format_ucs2.patch

@@ -0,0 +1,26 @@
+From 3f233dd9c8cbb267b2cf931c6191e650e8ab8a5f Mon Sep 17 00:00:00 2001
+From: Qiumiao Zhang <zhangqiumiao1@huawei.com>
+Date: Sat, 26 Aug 2023 14:36:24 +0800
+Subject: [PATCH] dp.h: check _ucs2size in format_ucs2()
+
+Signed-off-by: Qiumiao Zhang <zhangqiumiao1@huawei.com>
+---
+ src/dp.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/dp.h b/src/dp.h
+index 8290cc1..27f7650 100644
+--- a/src/dp.h
++++ b/src/dp.h
+@@ -123,7 +123,7 @@ format_vendor_helper(unsigned char *buf, size_t size, char *label,
+ 		uint16_t *_ucs2buf;					\
+ 		uint32_t _ucs2size = sizeof(uint16_t) * len;		\
+ 		_ucs2buf = alloca(_ucs2size);				\
+-		if (_ucs2buf == NULL)					\
++		if (_ucs2buf == NULL || _ucs2size < sizeof(uint16_t))	\
+ 			return -1;					\
+ 		memset(_ucs2buf, '\0', _ucs2size);			\
+ 		memcpy(_ucs2buf, str, _ucs2size - sizeof(uint16_t));	\
+-- 
+2.23.0
+

efivar.spec

@@ -1,6 +1,6 @@
 Name:           efivar
 Version:        38
-Release:        2
+Release:        3
 Summary:        Tools and libraries to work with EFI variables
 License:        LGPL-2.1-only
 URL:            https://github.com/rhboot/%{name}
@@ -11,6 +11,7 @@ Patch0002:      0002-Fix-glibc-2.36-build-mount.h-conflicts.patch
 %ifarch sw_64
 Patch0003:      efivar-37-sw.patch
 %endif
+Patch9000:      dp_h-check-_ucs2size-in-format_ucs2.patch
 
 BuildRequires:  popt-devel glibc-static
 BuildRequires:  gcc mandoc
@@ -72,6 +73,12 @@ install -m 0644 src/abignore %{buildroot}%{_includedir}/efivar/.abignore
 %{_mandir}/man3/*
 
 %changelog
+* Tue Sep 12 2023 zhangqiumiao <zhangqiumiao1@huawei.com> - 38-3
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:dp.h: check _ucs2size in format_ucs2()
+
 * Wed Apr 26 2023 panchenbo <panchenbo@kylinsec.com.cn> - 38-2
 - ID:NA
 - SUG:NA