[PATCH 1/1] lib/vsprintf.c: fix integer overflow in vsprintf
Rasmus Villemoes
rasmus.villemoes at prevas.dk
Thu Mar 9 10:45:15 CET 2023
On 09/03/2023 03.12, Ying-Chun Liu (PaulLiu) wrote:
> From: Tom Cherry <tomcherry at google.com>
>
> vsnprintf_internal() adds 'size' to 'buf' and vsprintf() sets 'size'
> to 'INT_MAX' which can overflow.

Yes, and? vsprintf_internal then detects that by looking at whether
"end" is now before "buf", and if so corrects it by setting end to the
largest possible address - which is more or less the same as you do here,
except if for the platform in question sizeof(size_t)!=sizeof(void *).
So what exactly does this fix?

That piece of code is stolen from Linux, so if it's a problem in U-Boot
it most definitely should also show up in Linux, which it doesn't.

More details please. What platform is this, what is sizeof(size_t) and
sizeof(void *) and how does the amount of actual RAM come into the picture?

Rasmus
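
An added sketch of the wrap check described in the reply above; it is not taken from the patch, U-Boot or Linux. The helper `clamp_end` and `struct span` are hypothetical names, and addresses are modelled as `uintptr_t` so the wraparound is well-defined unsigned arithmetic.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of an output buffer's bounds (not a U-Boot type). */
struct span {
	uintptr_t end;   /* one past the last writable byte */
	size_t size;     /* usable size after any clamping */
	int clamped;     /* 1 if buf + size wrapped and was corrected */
};

/*
 * Compute end = buf + size. If the sum wrapped past the top of the
 * address space, "end" lands before "buf"; in that case pin end to the
 * largest possible address and shrink size to match.
 */
static struct span clamp_end(uintptr_t buf, size_t size)
{
	struct span s = { buf + size, size, 0 };

	if (s.end < buf) {
		s.end = UINTPTR_MAX;
		s.size = (size_t)(s.end - buf);
		s.clamped = 1;
	}
	return s;
}

int main(void)
{
	/* Constructed addresses: one low, one 4 KiB below the top. */
	uintptr_t bufs[] = { 0x1000, UINTPTR_MAX - 0xFFF };

	for (size_t i = 0; i < sizeof(bufs) / sizeof(bufs[0]); i++) {
		/* INT_MAX is the size the commit message says vsprintf() passes. */
		struct span s = clamp_end(bufs[i], INT_MAX);

		printf("buf=%#jx end=%#jx size=%#zx clamped=%d\n",
		       (uintmax_t)bufs[i], (uintmax_t)s.end, s.size, s.clamped);
	}
	return 0;
}
```
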
More information about the U-Boot mailing list