[U-Boot] [PATCH 1/1] ARM64: zynqmp: avoid out of buffer access
Heinrich Schuchardt
xypron.glpk at gmx.de
Sun Jul 30 20:18:18 UTC 2017
strncat(a, b, c) appends a maximum of c characters plus the 0 byte
to a.

In board_init we first write 4 characters plus 0 byte to version.
So only ZYNQMP_VERSION_SIZE - 5 additional characters fit into
version.

The problem was indicated by cppcheck.

Signed-off-by: Heinrich Schuchardt <xypron.glpk at gmx.de>
---
board/xilinx/zynqmp/zynqmp.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/board/xilinx/zynqmp/zynqmp.c b/board/xilinx/zynqmp/zynqmp.c
index 51a3d9f276..bbcab9869e 100644
--- a/board/xilinx/zynqmp/zynqmp.c
+++ b/board/xilinx/zynqmp/zynqmp.c
@@ -133,10 +133,10 @@ int board_init(void)
if (current_el() != 3) {
static char version[ZYNQMP_VERSION_SIZE];
- strncat(version, "xczu", ZYNQMP_VERSION_SIZE);
+ strncat(version, "xczu", 4);
zynqmppl.name = strncat(version,
zynqmp_get_silicon_idcode_name(),
- ZYNQMP_VERSION_SIZE);
+ ZYNQMP_VERSION_SIZE - 5);
printf("Chip ID:\t%s\n", zynqmppl.name);
fpga_init();
fpga_add(fpga_xilinx, &zynqmppl);
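Review bot: The new bounds `4` and `ZYNQMP_VERSION_SIZE - 5` in the two strncat() calls hard-code the length of the "xczu" literal, so changing the prefix later would silently make the second bound wrong again. Deriving the limit from the buffer itself, for example `sizeof(version) - strlen(version) - 1` in the second call, keeps the size check correct regardless of the prefix. The arithmetic also only holds if `version` is empty on entry; since it is a static buffer that strncat() appends to, writing the prefix with a copy rather than an append (or building the whole string with a single snprintf() into `version`) would remove that assumption.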
--
2.13.2