[PATCH 2/8] acpi: Fix buffer overflow in do_acpi_dump()
Andrew Scull
ascull at google.com
Sun Apr 3 12:39:09 CEST 2022
When do_acpi_dump() converts the table name to upper case, pass the
actual size of the output buffer so that the null terminator doesn't get
written beyond the end of the buffer.
Signed-off-by: Andrew Scull <ascull at google.com>
Cc: Simon Glass <sjg at chromium.org>
Cc: Wolfgang Wallner <wolfgang.wallner at br-automation.com>
Cc: Bin Meng <bmeng.cn at gmail.com>
---
cmd/acpi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cmd/acpi.c b/cmd/acpi.c
index c543f1e3c2..0e473b415d 100644
--- a/cmd/acpi.c
+++ b/cmd/acpi.c
@@ -178,7 +178,7 @@ static int do_acpi_dump(struct cmd_tbl *cmdtp, int flag, int argc,
printf("Table name '%s' must be four characters\n", name);
return CMD_RET_FAILURE;
}
- str_to_upper(name, sig, -1);
+ str_to_upper(name, sig, ACPI_NAME_LEN);
ret = dump_table_name(sig);
if (ret) {
printf("Table '%.*s' not found\n", ACPI_NAME_LEN, sig);
--
2.35.1.1094.g7c7d902a7c-goog
More information about the U-Boot
mailing list