[PATCH] fs: fat: Prevent possible buffer overflow

Martin Husemann martin at NetBSD.org
Thu Jul 17 18:57:50 CEST 2025


On Thu, Jul 17, 2025 at 04:38:50PM +0100, Andrew Goodbody wrote:
> The original use of strcpy suggests that the string must be \0 terminated. I
> will admit that I do not know the code well, is dir->itr.name guaranteed to
> be a known fixed size?

You are right, the iterator's name pointer always points to a \0 terminated
string, but also always points to one shorter than FS_DIRENT_NAME_LEN.

The on-disk fields are not \0 terminated, but the code extracting them
deals with it properly. If the length would overflow, a NULL instead
of a dir_entry * is returned, so while it is not obvious, AFAICT the
original code is fine.

Martin
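
The pattern described in the reply above, as an added example that is not U-Boot's code and not part of the original message: a fixed-width on-disk field without a terminating \0 is turned into a bounded, \0-terminated string, and NULL is returned when it would not fit. `extract_short_name`, `padded_len` and `NAME_MAX_LEN` (standing in for FS_DIRENT_NAME_LEN, value assumed) are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 256	/* assumed stand-in for FS_DIRENT_NAME_LEN */

/* Length of a space-padded field that carries no '\0' on disk. */
static size_t padded_len(const unsigned char *f, size_t width)
{
	while (width > 0 && f[width - 1] == ' ')
		width--;
	return width;
}

/*
 * Build "BASE.EXT" from an 11-byte 8.3 directory field.
 * Returns out, or NULL if the name plus its '\0' exceeds outsz, so a
 * caller never receives a truncated or unterminated string.
 */
char *extract_short_name(const unsigned char raw[11], char *out, size_t outsz)
{
	size_t base = padded_len(raw, 8);
	size_t ext = padded_len(raw + 8, 3);
	size_t need = base + (ext ? 1 + ext : 0) + 1;	/* +1 for '\0' */

	if (need > outsz)
		return NULL;
	memcpy(out, raw, base);
	if (ext) {
		out[base] = '.';
		memcpy(out + base + 1, raw + 8, ext);
	}
	out[need - 1] = '\0';
	return out;
}

int main(void)
{
	/* Constructed sample field, not taken from a real disk image. */
	const unsigned char raw[11] = {'U','B','O','O','T',' ',' ',' ','B','I','N'};
	char name[NAME_MAX_LEN], copy[NAME_MAX_LEN];

	if (!extract_short_name(raw, name, sizeof(name)))
		return 1;
	/* Safe only because the producer guarantees strlen(name) < NAME_MAX_LEN. */
	strcpy(copy, name);
	printf("%s\n", copy);
	return 0;
}
```

The later `strcpy` depends entirely on the producer's length check, which is why the invariant is easy to miss when reading the copy site alone.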

