[U-Boot] [PATCH] stdio: Fix a possible buffer overflow
Wolfgang Denk
wd at denx.de
Sun Sep 4 23:28:47 CEST 2011
Dear Bradley Bolen,
In message <1314049685.74936.YahooMailClassic at web110204.mail.gq1.yahoo.com> you wrote:
> Signed-off-by: Bradley Bolen <bradleybolen at yahoo.com>
> ---
> The length of the name of a stdio_dev is 16 bytes, but the local
> variable to hold it is only 8 bytes. Also, the memcpy should copy
> the size of the destination, not the size of the source.
> ---
> common/stdio.c | 4 ++--
> 1 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/common/stdio.c b/common/stdio.c
> index 6b2ed24..5c1adb1 100644
> --- a/common/stdio.c
> +++ b/common/stdio.c
> @@ -160,7 +160,7 @@ int stdio_deregister(const char *devname)
> int l;
> struct list_head *pos;
> struct stdio_dev *dev;
> - char temp_names[3][8];
> + char temp_names[3][16];
>
> dev = stdio_get_by_name(devname);
>
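Review bot: the new size in `char temp_names[3][16];` is a bare literal that has to be kept equal to the size of the `name` field of `struct stdio_dev` by hand, and the 8-byte value being replaced shows how easily that goes stale. Since `dev` is already declared above it, the array could be sized from the field itself, for example `char temp_names[3][sizeof(dev->name)];`, or from a named constant shared with the structure definition, so the buffer follows the structure if the name length changes again.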
> @@ -174,7 +174,7 @@ int stdio_deregister(const char *devname)
> }
> memcpy (&temp_names[l][0],
> stdio_devices[l]->name,
> - sizeof(stdio_devices[l]->name));
> + sizeof(temp_names[l]));
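Review bot: bounding the `memcpy` by `sizeof(temp_names[l])` protects the destination, but the call now reads that many bytes from `stdio_devices[l]->name`, which is only correct while the source field is at least as large as the local buffer. If the two sizes diverge in the other direction, this becomes an over-read of the source. Suggest either copying the smaller of the two sizes or adding a compile-time check that `sizeof(temp_names[l])` equals `sizeof(stdio_devices[l]->name)`, so a future change to either one fails the build instead of silently reading or writing out of bounds.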
Your patch is white space corrupted. Please make sure to use
git-send-email next time (or at least fix your mailer).
Applied manually, thanks.
Best regards,
Wolfgang Denk
--
DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
Digital computers are themselves more complex than most things people
build: They have very large numbers of states. This makes conceiving,
describing, and testing them hard. Software systems have orders-of-
magnitude more states than computers do. - Fred Brooks, Jr.