From b49f567e45d231c70b2e5c4f5055e4cac0a893dc Mon Sep 17 00:00:00 2001
From: Benjamin Doron
Date: Wed, 16 Jul 2025 12:44:20 -0400
Subject: [PATCH] util/smmstoretool: Ensure that the FVB header isn't too large

If the header size is equal to fv.length, then `fv_parse()` will go out-of-bounds when obtaining the variable store data, and obviously, there is no data if the header takes up all available space.

Change-Id: I0ac46e098a14b51f936cb99f5e6bf83411570bc5
Signed-off-by: Benjamin Doron
Reviewed-on: https://review.coreboot.org/c/coreboot/+/88452
Tested-by: build bot (Jenkins)
Reviewed-by: Sean Rhodes
---
 util/smmstoretool/fv.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/util/smmstoretool/fv.c b/util/smmstoretool/fv.c
index 89212bad43..8ac8646d92 100644
--- a/util/smmstoretool/fv.c
+++ b/util/smmstoretool/fv.c
@@ -100,7 +100,7 @@ static bool check_fw_vol_hdr(const EFI_FIRMWARE_VOLUME_HEADER *hdr,
 if (hdr->Revision != EFI_FVH_REVISION ||
 hdr->Signature != EFI_FVH_SIGNATURE ||
 hdr->FvLength > max_size ||
- hdr->HeaderLength > max_size ||
+ hdr->HeaderLength >= max_size ||
 hdr->HeaderLength % 2 != 0) {
 fprintf(stderr, "No firmware volume header present\n");
 return false;
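Review bot: The tightened bound `hdr->HeaderLength >= max_size` has no matching lower bound, so a `HeaderLength` of 0, or any even value smaller than the header structure, still passes this condition. A floor such as `hdr->HeaderLength < sizeof(*hdr) ||` could be added to the same `if`. The new upper bound also guarantees only that one byte remains after the header; if the variable store data that `fv_parse()` reads starts with a fixed-size header, comparing against the space that header needs would be safer than `>= max_size`. Whether later code already checks the remaining size cannot be confirmed from here, because `check_fw_vol_hdr()` begins and ends outside the hunk and `fv_parse()` is not shown.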