[PATCH 1/1] lib/vsprintf.c: fix integer overflow in vsprintf
Tom Rini
trini at konsulko.com
Tue Aug 15 16:42:27 CEST 2023
On Thu, Mar 09, 2023 at 10:12:21AM +0800, Ying-Chun Liu (PaulLiu) wrote:
> From: Tom Cherry <tomcherry at google.com>
>
> vsnprintf_internal() adds 'size' to 'buf' and vsprintf() sets 'size'
> to 'INT_MAX' which can overflow. This causes sprintf() to fail when
> initializing the environment on 8GB.
>
> Instead of using 'INT_MAX', we use SIZE_MAX - buf, which is the
> largest possible string that could fit without overflowing 'size'.
>
> Signed-off-by: Tom Cherry <tomcherry at google.com>
> [ Paul: pick from the Android tree. Rebase to the upstream ]
> Signed-off-by: Ying-Chun Liu (PaulLiu) <paul.liu at linaro.org>
> Cc: Tom Rini <trini at konsulko.com>
> Link: https://android.googlesource.com/platform/external/u-boot/+/43aae5d4415e0f9d744fb798acd52429d09957ce
So, this link here leads back to
https://issuetracker.google.com/issues/200479053 which isn't public.
Rasmus followed up and asked pointed questions, that weren't followed up
on.
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20230815/26bc38c8/attachment.sig>
More information about the U-Boot
mailing list