[PATCH] mkimage: fit: Simplify tmpfile name calculation

[Heinrich Schuchardt]

On 4/8/22 21:45, Sean Anderson wrote:
> snprintf will not overrun the buffer, and will return the number of
> characters which would have been printed (had the buffer been large
> enough). This allows us to create the tmpfile name and check for
> overflow in one pass.
>
> Signed-off-by: Sean Anderson <sean.anderson at seco.com>
> ---
>
>   tools/fit_image.c | 5 ++---
>   1 file changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/tools/fit_image.c b/tools/fit_image.c
> index 1884a2eb0b..0d5a6a28f9 100644
> --- a/tools/fit_image.c
> +++ b/tools/fit_image.c
> @@ -684,14 +684,13 @@ static int fit_handle_file(struct image_tool_params *params)
>   	debug ("FIT format handling\n");
>
>   	/* call dtc to include binary properties into the tmp file */
> -	if (strlen (params->imagefile) +
> -		strlen (MKIMAGE_TMPFILE_SUFFIX) + 1 > sizeof (tmpfile)) {
> +	if (snprintf(tmpfile, sizeof(tmpfile), "%s%s", params->imagefile,
> +		     MKIMAGE_TMPFILE_SUFFIX) >= sizeof(tmpfile)) {

params->imagefile is not a mere file name but a path to a file which may
be PATH_MAX (typically 4096) characters long. Don't impose a 256
character limit. Use PATH_MAX instead of any other limit.

Anyway it would be better to avoid superfluous file operations and write
to the output file only.

Best regards

Heinrich

>   		fprintf (stderr, "%s: Image file name (%s) too long, "
>   				"can't create tmpfile.\n",
>   				params->imagefile, params->cmdname);
>   		return (EXIT_FAILURE);
>   	}
> -	sprintf (tmpfile, "%s%s", params->imagefile, MKIMAGE_TMPFILE_SUFFIX);
>
>   	/* We either compile the source file, or use the existing FIT image */
>   	if (params->auto_its) {