[PATCH] mkimage: fit: Simplify tmpfile name calculation
Heinrich Schuchardt
xypron.glpk at gmx.de
Fri Apr 8 22:25:04 CEST 2022
On 4/8/22 21:45, Sean Anderson wrote:
> snprintf will not overrun the buffer, and will return the number of
> characters which would have been printed (had the buffer been large
> enough). This allows us to create the tmpfile name and check for
> overflow in one pass.
>
> Signed-off-by: Sean Anderson <sean.anderson at seco.com>
> ---
>
> tools/fit_image.c | 5 ++---
> 1 file changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/tools/fit_image.c b/tools/fit_image.c
> index 1884a2eb0b..0d5a6a28f9 100644
> --- a/tools/fit_image.c
> +++ b/tools/fit_image.c
> @@ -684,14 +684,13 @@ static int fit_handle_file(struct image_tool_params *params)
> debug ("FIT format handling\n");
>
> /* call dtc to include binary properties into the tmp file */
> - if (strlen (params->imagefile) +
> - strlen (MKIMAGE_TMPFILE_SUFFIX) + 1 > sizeof (tmpfile)) {
> + if (snprintf(tmpfile, sizeof(tmpfile), "%s%s", params->imagefile,
> + MKIMAGE_TMPFILE_SUFFIX) >= sizeof(tmpfile)) {
params->imagefile is not a mere file name but a path to a file which may
be PATH_MAX (typically 4096) characters long. Don't impose a 256
character limit. Use PATH_MAX instead of any other limit.
Anyway it would be better to avoid superfluous file operations and write
to the output file only.
Best regards
Heinrich
> fprintf (stderr, "%s: Image file name (%s) too long, "
> "can't create tmpfile.\n",
> params->imagefile, params->cmdname);
> return (EXIT_FAILURE);
> }
> - sprintf (tmpfile, "%s%s", params->imagefile, MKIMAGE_TMPFILE_SUFFIX);
>
> /* We either compile the source file, or use the existing FIT image */
> if (params->auto_its) {
More information about the U-Boot
mailing list