tpmc: Use char sentinel in HexStringToUint32()

HexStringToUint32() uses sscanf(), scanning in a hex value, and
capturing the tail as well to figure out if the user passed in too much.
Switch to using a char for that overflow detection rather than a string
to avoid stack corruption. For example:

localhost# tpmc pcrread 999999999999999999999
*** stack smashing detected ***: terminated
Aborted (core dumped)

TEST=stop trunksd; tpmc pcrread 999999999999999999999

Signed-off-by: Evan Green <>
Change-Id: Idefec979d5cf6ab8a83da8654ed5591158807395
Reviewed-by: Andrey Pronin <>
Reviewed-by: Julius Werner <>
1 file changed