[U-Boot-Users] Buffer overflow in print_data() in ft_build.c
Fredrik Roubert
roubert at df.lth.se
Mon Oct 9 12:26:05 CEST 2006
Hi!
In print_data() in ft_build.c, printf() is used to print strings of
arbitrary length from the device tree, which will cause a buffer
overflow that crashes U-Boot if any of these strings is longer than
CFG_PBSIZE.
(I encountered this while debugging my flat device tree while having a
very long kernel parameter line.)
The attached patch changes print_data() to use puts() instead, which
doesn't have the buffer overflow problem.
Cheers // Fredrik Roubert
--
Visserij 192 | +32 473 344527 / +46 708 776974
BE-9000 Gent | http://www.df.lth.se/~roubert/
-------------- next part --------------
diff -ur u-boot-2006-06-30-2020.orig/common/ft_build.c u-boot-2006-06-30-2020/common/ft_build.c
--- u-boot-2006-06-30-2020.orig/common/ft_build.c 2006-06-30 20:16:37.000000000 +0200
+++ u-boot-2006-06-30-2020/common/ft_build.c 2006-10-09 12:12:56.000000000 +0200
@@ -293,7 +293,9 @@
return;
if (is_printable_string(data, len)) {
- printf(" = \"%s\"", (char *)data);
+ puts(" = \"");
+ puts(data);
+ puts("\"");
return;
}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 303 bytes
Desc: not available
Url : http://lists.denx.de/pipermail/u-boot/attachments/20061009/2368dc96/attachment.pgp
More information about the U-Boot
mailing list