[U-Boot] [PATCH v2] bootm: Avoid 256-byte overflow in fixup_silent_linux()

Wolfgang Denk wd at denx.de
Tue Jan 10 23:28:05 CET 2012 

Dear Doug Anderson,

In message <1319133298-30249-1-git-send-email-dianders at chromium.org> you wrote:
> This makes fixup_silent_linux() use malloc() to allocate its
> working space, meaning that our maximum kernel command line
> should only be limited by malloc().  Previously it was silently
> overflowing the stack.
...
>  static void fixup_silent_linux(void)
>  {
> -	char buf[256], *start, *end;

Are you sure that the kernel's buffer is long enough?

For example on PowerPC, there is a current hard limit on 512
characters:

	arch/powerpc/boot/ops.h:#define COMMAND_LINE_SIZE       512
	arch/powerpc/kernel/setup-common.c:char cmd_line[COMMAND_LINE_SIZE];

On SPARC, we have 256 bytes hard limit, see arch/sparc/prom/bootstr_64.c:

	#define BARG_LEN  256
	...
	prom_getstring(prom_chosen_node, "bootargs",
			bootstr_info.bootstr_buf, BARG_LEN);

And so on for other architectures, for example:

arch/score/include/asm/setup.h:#define COMMAND_LINE_SIZE        256

arch/m68k/include/asm/setup.h:#define COMMAND_LINE_SIZE 256

arch/avr32/include/asm/setup.h:#define COMMAND_LINE_SIZE 256

arch/microblaze/include/asm/setup.h:#define COMMAND_LINE_SIZE   256

arch/mn10300/include/asm/param.h:#define COMMAND_LINE_SIZE 256

arch/sparc/include/asm/setup.h:# define COMMAND_LINE_SIZE 256

arch/cris/include/asm/setup.h:#define COMMAND_LINE_SIZE 256

arch/xtensa/include/asm/setup.h:#define COMMAND_LINE_SIZE       256

arch/alpha/include/asm/setup.h:#define COMMAND_LINE_SIZE        256


I think your patch is likely to break all these architectures?


Best regards,

Wolfgang Denk

-- 
DENX Software Engineering GmbH,     MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
"The good Christian should beware of mathematicians and all those who
make empty prophecies. The danger already exists that  mathematicians
have  made a covenant with the devil to darken the spirit and confine
man in the bonds of Hell."                          - Saint Augustine

More information about the U-Boot mailing list