[U-Boot] [PATCH 1/1] ARM64: zynqmp: avoid out of buffer access
Michal Simek
michal.simek at xilinx.com
Mon Jul 31 08:33:20 UTC 2017
On 30.7.2017 22:18, Heinrich Schuchardt wrote:
> strncat(a, b, c) appends a maximum of c characters plus the 0 byte
> to a.
>
> In board_init we first write 4 characters plus 0 byte to version.
> So only ZYNQMP_VERSION_SIZE - 5 additional characters fit into
> version.
>
> The problem was indicated by cppcheck.
>
> Signed-off-by: Heinrich Schuchardt <xypron.glpk at gmx.de>
> ---
> board/xilinx/zynqmp/zynqmp.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/board/xilinx/zynqmp/zynqmp.c b/board/xilinx/zynqmp/zynqmp.c
> index 51a3d9f276..bbcab9869e 100644
> --- a/board/xilinx/zynqmp/zynqmp.c
> +++ b/board/xilinx/zynqmp/zynqmp.c
> @@ -133,10 +133,10 @@ int board_init(void)
> if (current_el() != 3) {
> static char version[ZYNQMP_VERSION_SIZE];
>
> - strncat(version, "xczu", ZYNQMP_VERSION_SIZE);
> + strncat(version, "xczu", 4);
> zynqmppl.name = strncat(version,
> zynqmp_get_silicon_idcode_name(),
> - ZYNQMP_VERSION_SIZE);
> + ZYNQMP_VERSION_SIZE - 5);
> printf("Chip ID:\t%s\n", zynqmppl.name);
> fpga_init();
> fpga_add(fpga_xilinx, &zynqmppl);
>
Applied.
Thanks,
Michal
More information about the U-Boot
mailing list