[U-Boot] [PATCH v2 1/1] tools: sunxi: avoid read after end of string
Boris Brezillon
boris.brezillon at free-electrons.com
Fri May 5 06:50:47 UTC 2017
On Thu, 4 May 2017 22:26:42 +0200
Heinrich Schuchardt <xypron.glpk at gmx.de> wrote:
> The evaluation of option -c is incorrect:
>
> According to the C99 standard endptr in the first strtol is always
> set as &endptr is not NULL.
> So the first part of the or condition is always true.
> If all digits in optarg are valid endptr will point to the closing \0
> and the second strtol will read beyond the end of the string optarg
> points to.
>
> Signed-off-by: Heinrich Schuchardt <xypron.glpk at gmx.de>
Acked-by: Boris Brezillon <boris.brezillon at free-electrons.com>
> ---
> v2:
> Simplify the logical expression.
> v1:
> In the original patch I missed that envptr is always set in strtol
> and used an unnecessary check if endptr is non-NULL.
> [PATCH 1/1] tools: sunxi: avoid possible null pointer dereference
> https://patchwork.ozlabs.org/patch/758224/
> ---
> tools/sunxi-spl-image-builder.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/tools/sunxi-spl-image-builder.c b/tools/sunxi-spl-image-builder.c
> index d538a38813..a367f11774 100644
> --- a/tools/sunxi-spl-image-builder.c
> +++ b/tools/sunxi-spl-image-builder.c
> @@ -433,7 +433,7 @@ int main(int argc, char **argv)
> break;
> case 'c':
> info.ecc_strength = strtol(optarg, &endptr, 0);
> - if (endptr || *endptr == '/')
> + if (*endptr == '/')
> info.ecc_step_size = strtol(endptr + 1, NULL, 0);
> break;
> case 'p':
More information about the U-Boot
mailing list