[U-Boot] [PATCH 2/2] tools: mkenvimage: Fix possible segfault on stdin input

Alexander Dahl ada at thorsis.com
Fri Apr 20 13:29:31 UTC 2018


The size of 'filebuf' was not increased as more and more bytes are read
from stdin, but 'filebuf' was always reallocated to the same fix size.
This works as long as only less bytes than the initial buffer size come
in, for more input this will segfault. (It actually does, I tested
that.) So for each loop cycle the buffer size has to be increased by the
number of bytes we want to read.

Signed-off-by: Alexander Dahl <ada at thorsis.com>
---
 tools/mkenvimage.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/mkenvimage.c b/tools/mkenvimage.c
index 716cb73a5c..8cd9ffa1c6 100644
--- a/tools/mkenvimage.c
+++ b/tools/mkenvimage.c
@@ -162,7 +162,7 @@ int main(int argc, char **argv)
 		txt_fd = STDIN_FILENO;
 
 		do {
-			filebuf = realloc(filebuf, readlen);
+			filebuf = realloc(filebuf, filesize + readlen);
 			if (!filebuf) {
 				fprintf(stderr, "Can't realloc memory for the input file buffer\n");
 				return EXIT_FAILURE;
-- 
2.11.0



More information about the U-Boot mailing list