Gitiles
Code Review Sign In
gerrit.devboardsforandroid.linaro.org / platform / external / u-boot / 149c21b098dafc5a2ae619555a844e8d0a9523f6
commit149c21b098dafc5a2ae619555a844e8d0a9523f6[log] [tgz]
authorKay Potthoff <kaypotthoff@gmail.com>Tue Jul 17 08:19:39 2018 +0200
committerTom Rini <trini@konsulko.com>Tue Jul 24 09:25:23 2018 -0400
treefd593e065804edfe31d57678b19823cfccd4880f
parent4807c40c2f145e9721fc7891730cb26043cbd723 [diff]
mtdparts: fixed buffer overflow bug

In the case that there was no name defined for a partition the
code assumes that name_len is 22 and therefore allocates exactly
that space for a dummy name. But the function sprintf() first
resolves "0x%08llx@0x%08llx" to a string that is longer than 22
bytes. This leads to a buffer overflow. The replacement function
snprintf() limits the copied bytes to name_len and therefore
avoids the buffer overflow.

Signed-off-by: Kay Potthoff <Kay.Potthoff@microsys.de>
1 file changed
tree: fd593e065804edfe31d57678b19823cfccd4880f
  1. api/
  2. arch/
  3. board/
  4. cmd/
  5. common/
  6. configs/
  7. disk/
  8. doc/
  9. Documentation/
  10. drivers/
  11. dts/
  12. env/
  13. examples/
  14. fs/
  15. include/
  16. lib/
  17. Licenses/
  18. net/
  19. post/
  20. scripts/
  21. test/
  22. tools/
  23. .checkpatch.conf
  24. .gitignore
  25. .mailmap
  26. .travis.yml
  27. config.mk
  28. Kbuild
  29. Kconfig
  30. MAINTAINERS
  31. Makefile
  32. README