[PATCH 1/1] lib/vsprintf.c: fix integer overflow in vsprintf

Tom Rini trini at konsulko.com
Tue Aug 15 16:42:27 CEST 2023


On Thu, Mar 09, 2023 at 10:12:21AM +0800, Ying-Chun Liu (PaulLiu) wrote:

> From: Tom Cherry <tomcherry at google.com>
> 
> vsnprintf_internal() adds 'size' to 'buf' and vsprintf() sets 'size'
> to 'INT_MAX' which can overflow.  This causes sprintf() to fail when
> initializing the environment on 8GB.
> 
> Instead of using 'INT_MAX', we use SIZE_MAX - buf, which is the
> largest possible string that could fit without overflowing 'size'.
> 
> Signed-off-by: Tom Cherry <tomcherry at google.com>
> [ Paul: pick from the Android tree. Rebase to the upstream ]
> Signed-off-by: Ying-Chun Liu (PaulLiu) <paul.liu at linaro.org>
> Cc: Tom Rini <trini at konsulko.com>
> Link: https://android.googlesource.com/platform/external/u-boot/+/43aae5d4415e0f9d744fb798acd52429d09957ce

So, this link here leads back to
https://issuetracker.google.com/issues/200479053 which isn't public.

Rasmus followed up and asked pointed questions that weren't followed up
on.

-- 
Tom
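
The arithmetic described in the quoted commit message, as an added example that is not code from the patch or from U-Boot. It assumes addresses modelled as 32-bit unsigned integers (the page does not state the platform's pointer width), and the names `addr_t`, `end_wraps`, `max_safe_size` and `unbounded_size` are hypothetical.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: addresses are modelled as 32-bit unsigned integers so the
 * wraparound is well defined and reproducible on any host. Real pointer
 * overflow is undefined behaviour in C, so it is not performed here. */
typedef uint32_t addr_t;
#define ADDR_MAX UINT32_MAX

/* Returns 1 if buf + size wraps past the top of the address space. */
static int end_wraps(addr_t buf, addr_t size)
{
	return size > ADDR_MAX - buf;
}

/* Largest size for which buf + size does not wrap: the "SIZE_MAX - buf"
 * bound from the commit message, in the modelled address width. */
static addr_t max_safe_size(addr_t buf)
{
	return ADDR_MAX - buf;
}

/* Hypothetical helper: the size used for an unbounded sprintf-style call,
 * before (INT_MAX) and after (SIZE_MAX - buf) the change described above. */
static addr_t unbounded_size(addr_t buf, int patched)
{
	return patched ? max_safe_size(buf) : (addr_t)INT_MAX;
}

int main(void)
{
	/* Constructed sample buffer addresses, low and high in the space. */
	const addr_t samples[] = { 0x00100000u, 0x7fffffffu, 0x80000001u, 0xfff00000u };

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		addr_t buf = samples[i];
		printf("buf=0x%08x  INT_MAX end wraps: %d  patched end wraps: %d\n",
		       (unsigned)buf,
		       end_wraps(buf, unbounded_size(buf, 0)),
		       end_wraps(buf, unbounded_size(buf, 1)));
	}
	return 0;
}
```
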