[PATCH 0/1] lib/vsprintf.c: fix integer overflow in vsprintf
Ying-Chun Liu (PaulLiu)
paul.liu at linaro.org
Thu Mar 9 03:12:20 CET 2023
vsnprintf_internal() adds 'size' to 'buf' and vsprintf() sets 'size'
to 'INT_MAX' which can overflow. This causes sprintf() to fail when
initializing the environment on 8GB.
Instead of using 'INT_MAX', we use SIZE_MAX - buf, which is the
largest possible string that could fit without overflowing 'size'.
Tom Cherry (1):
lib/vsprintf.c: fix integer overflow in vsprintf
lib/vsprintf.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--
2.39.2
More information about the U-Boot
mailing list