[U-Boot] [PATCH 1/1] siemens: avoid out of bound access
Heinrich Schuchardt
xypron.glpk at gmx.de
Thu Aug 22 19:58:26 UTC 2019
char num[1];
sprintf(num, "%d", i);
leads to a buffer overrun.
Simplify the overly complex coding.
Signed-off-by: Heinrich Schuchardt <xypron.glpk at gmx.de>
---
board/siemens/common/board.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/board/siemens/common/board.c b/board/siemens/common/board.c
index 676935a843..75462d1c34 100644
--- a/board/siemens/common/board.c
+++ b/board/siemens/common/board.c
@@ -189,14 +189,11 @@ void set_env_gpios(unsigned char state)
{
char *ptr_env;
char str_tmp[5]; /* must contain "ledX"*/
- char num[1];
unsigned char i, idx, pos1, pos2, ccount;
unsigned char gpio_n, gpio_s0, gpio_s1;
for (i = 0; i < MAX_NR_LEDS; i++) {
- strcpy(str_tmp, "led");
- sprintf(num, "%d", i);
- strcat(str_tmp, num);
+ sprintf(str_tmp, "led%d", i);
/* If env var is not found we stop */
ptr_env = env_get(str_tmp);
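Review bot: the new sprintf(str_tmp, "led%d", i) in the loop is still an unbounded write into char str_tmp[5], which, as its own comment says, only fits "ledX" plus the terminator. That is safe only while i stays a single digit, i.e. MAX_NR_LEDS is at most 10; the value of MAX_NR_LEDS is not visible in this hunk, and a two-digit index would need 6 bytes. Consider snprintf(str_tmp, sizeof(str_tmp), "led%d", i), or a build-time check on MAX_NR_LEDS, so the single-digit assumption is enforced rather than implied by a comment.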
--
2.20.1