[U-Boot] [PATCH] stdio: Fix a possible buffer overflow
Bradley Bolen
bradleybolen at yahoo.com
Mon Aug 22 23:48:05 CEST 2011
Signed-off-by: Bradley Bolen <bradleybolen at yahoo.com>
---
The length of the name of a stdio_dev is 16 bytes, but the local
variable to hold it is only 8 bytes. Also, the memcpy should copy
the size of the destination, not the size of the source.
---
common/stdio.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/common/stdio.c b/common/stdio.c
index 6b2ed24..5c1adb1 100644
--- a/common/stdio.c
+++ b/common/stdio.c
@@ -160,7 +160,7 @@ int stdio_deregister(const char *devname)
int l;
struct list_head *pos;
struct stdio_dev *dev;
- char temp_names[3][8];
+ char temp_names[3][16];
dev = stdio_get_by_name(devname);
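Review bot: The new second dimension in `char temp_names[3][16];` is a bare literal that has to be kept in step by hand with the size of the name field in struct stdio_dev, which is the same kind of mismatch the commit message describes for the old value of 8. Deriving it from the field, for example `sizeof(((struct stdio_dev *)0)->name)`, or from a shared named constant, would keep the local buffer and the struct member from drifting apart again.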
@@ -174,7 +174,7 @@ int stdio_deregister(const char *devname)
}
memcpy (&temp_names[l][0],
stdio_devices[l]->name,
- sizeof(stdio_devices[l]->name));
+ sizeof(temp_names[l]));
}
list_del(&(dev->list));
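Review bot: In the memcpy call, `sizeof(temp_names[l])` bounds the write to the destination row, but the read from `stdio_devices[l]->name` is then only safe while the source field is at least as large as that row. With both at 16 bytes this holds today; a compile-time check that the two sizes are equal, or copying the smaller of the two sizes, would cover both directions. If temp_names is treated as a C string later in the function, a full 16-byte copy also leaves no guaranteed NUL terminator, so a bounded string copy with explicit termination may be the better fit.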
--
1.6.0.5