[U-Boot] [PATCH v2] bootm: Avoid 256-byte overflow in fixup_silent_linux()
Mike Frysinger
vapier at gentoo.org
Wed Jan 11 00:30:05 CET 2012
On Tuesday 10 January 2012 17:28:05 Wolfgang Denk wrote:
> Doug Anderson wrote:
> > This makes fixup_silent_linux() use malloc() to allocate its
> > working space, meaning that our maximum kernel command line
> > should only be limited by malloc(). Previously it was silently
> > overflowing the stack.
>
> ...
>
> > static void fixup_silent_linux(void)
> > {
> >
> > - char buf[256], *start, *end;
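Review bot: with the fixed `char buf[256]` removed from fixup_silent_linux(), the safety of the change rests on the malloc() call named in the commit message, which is not visible in this quoted excerpt. The allocation size should be computed from the length of the existing command line plus everything the function adds and the terminating NUL, and a failed malloc() needs a path that leaves the original bootargs untouched rather than writing through a NULL pointer.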
>
> Are you sure that the kernel's buffer is long enough?
>
> For example on PowerPC, there is a current hard limit on 512
> characters:
>
> arch/powerpc/boot/ops.h:#define COMMAND_LINE_SIZE 512
> arch/powerpc/kernel/setup-common.c:char cmd_line[COMMAND_LINE_SIZE];
>
> On SPARC, we have 256 bytes hard limit, see arch/sparc/prom/bootstr_64.c:
>
> #define BARG_LEN 256
> ...
> prom_getstring(prom_chosen_node, "bootargs",
> bootstr_info.bootstr_buf, BARG_LEN);
i think this does len checking ...
> I think your patch is likely to break all these architectures?
i don't know about others, but on Blackfin, we don't care. we just copy the
first COMMAND_LINE_SIZE bytes out and ignore the rest.
-mike
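
Added example, not part of the original message or the U-Boot patch: a sketch of the two sides this thread discusses, a producer that sizes its buffer from the input instead of a fixed 256 bytes, and a receiver with a fixed COMMAND_LINE_SIZE that copies with a bound and reports truncation. The helper names are hypothetical, and dropping a cut-off final argument is a design choice of this example, not something the thread says any kernel does.

```c
#include <stdlib.h>
#include <string.h>

#define COMMAND_LINE_SIZE 512   /* PowerPC value quoted in the thread */

/* Producer (hypothetical helper): join bootargs and one extra option in a
 * buffer sized from the inputs. Returns NULL on allocation failure, in which
 * case the caller keeps the original bootargs. Caller frees the result. */
char *cmdline_append(const char *bootargs, const char *extra)
{
    size_t blen = strlen(bootargs), elen = strlen(extra), pos;
    char *buf = malloc(blen + 1 + elen + 1);    /* separator + NUL */

    if (!buf)
        return NULL;
    memcpy(buf, bootargs, blen);
    pos = blen;
    if (blen)
        buf[pos++] = ' ';
    memcpy(buf + pos, extra, elen + 1);         /* copies the NUL too */
    return buf;
}

/* Receiver (hypothetical helper): never writes more than dst_size bytes and
 * always NUL-terminates. If src does not fit, the partially copied last
 * argument is dropped so no half-written option reaches the parser.
 * Returns 1 if the command line was truncated, 0 if it fit. */
int cmdline_receive(char *dst, size_t dst_size, const char *src)
{
    size_t len = strlen(src), n;

    if (dst_size == 0)
        return 1;
    if (len < dst_size) {
        memcpy(dst, src, len + 1);
        return 0;
    }
    n = dst_size - 1;
    if (src[n] != ' ')                          /* cut falls inside a token */
        while (n > 0 && src[n - 1] != ' ')
            n--;
    while (n > 0 && src[n - 1] == ' ')          /* trim trailing separators */
        n--;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 1;
}
```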