linuxboot/fiano

CBFS OOM due to unchecked underflow

orangecms opened this issue · 1 comment

	where, err := in.Seek(0, io.SeekCurrent)
	if err != nil {
		return fmt.Errorf("Finding location in stream: %v", err)
	}
	amt := uint32(where) - p.Size
	if amt == 0 {
		return nil
	}
	p.FData = make([]byte, amt)

https://github.com/linuxboot/fiano/blob/master/pkg/cbfs/payload.go#L41

This amt can result in ~2^32 when underflowing the uint32 (p.Size > where).
Who knows what it is supposed to mean? Edit: likely "amount"

The p.FData = make([]byte, amt) would allocate too much memory then, ~4GB. 💥
That happens e.g. with a System76 coreboot image.

Original change: linuxboot/cbfs@346f48a#diff-cc15a3aea12e99de019f9054b9f79a47db26cf193e1bc6039d9e6500a9eafa5c
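
The wrap-around described above, reproduced as an added example (not fiano's code): the unchecked subtraction beside a version that validates the declared size against the stream position before allocating. Function names, the in-memory stream and the sample sizes are assumptions constructed for the demonstration.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"math"
)

// remainingUnchecked mirrors the arithmetic from the issue: when size
// exceeds the stream position the uint32 subtraction wraps to ~2^32.
func remainingUnchecked(where int64, size uint32) uint32 {
	return uint32(where) - size
}

// remainingChecked rejects sizes that do not fit the stream position,
// so the result can never wrap and be handed to make([]byte, amt).
func remainingChecked(where int64, size uint32) (uint32, error) {
	if where < 0 || where > math.MaxUint32 {
		return 0, fmt.Errorf("stream position %d out of uint32 range", where)
	}
	if int64(size) > where {
		return 0, fmt.Errorf("declared size %d exceeds stream position %d", size, where)
	}
	return uint32(where) - size, nil
}

// remainingFromStream applies the check to a seekable stream, the way the
// original code reads its position with Seek(0, io.SeekCurrent).
func remainingFromStream(in io.Seeker, size uint32) (uint32, error) {
	where, err := in.Seek(0, io.SeekCurrent)
	if err != nil {
		return 0, fmt.Errorf("finding location in stream: %v", err)
	}
	return remainingChecked(where, size)
}

func main() {
	// Constructed: a 64-byte "image" with the reader positioned at offset 16.
	img := bytes.NewReader(make([]byte, 64))
	img.Seek(16, io.SeekStart)
	fmt.Println("unchecked:", remainingUnchecked(16, 32)) // wraps to 4294967280
	amt, err := remainingFromStream(img, 32)              // declared size 32 > position 16
	fmt.Println("checked:", amt, err)
}
```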

Oops, that's probably on me.