[U-Boot] mtdparts: fixed buffer overflow bug

Tom Rini trini at konsulko.com
Thu Jul 26 19:54:11 UTC 2018


On Tue, Jul 17, 2018 at 08:19:39AM +0200, Kay Potthoff wrote:

> In the case that there was no name defined for a partition the
> code assumes that name_len is 22 and therefore allocates exactly
> that space for a dummy name. But the function sprintf() first
> resolves "0x%08llx at 0x%08llx" to a string that is longer than 22
> bytes. This leads to a buffer overflow. The replacement function
> snprintf() limits the copied bytes to name_len and therefore
> avoids the buffer overflow.
> 
> Signed-off-by: Kay Potthoff <Kay.Potthoff at microsys.de>

Applied to u-boot/master, thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20180726/57b652f5/attachment.sig>


More information about the U-Boot mailing list