[PATCH 1/2] bios_emulator: Fix buffer overflow
Andrew Goodbody
andrew.goodbody at linaro.org
Wed Jul 23 12:34:35 CEST 2025
Using strcpy to copy a 4 character string into a 4 byte field in a
structure will overflow that field as it writes the terminating \0 into
the following field. Correct this by using memcpy instead.
This issue was found by Smatch.
Signed-off-by: Andrew Goodbody <andrew.goodbody at linaro.org>
---
drivers/bios_emulator/atibios.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/bios_emulator/atibios.c b/drivers/bios_emulator/atibios.c
index d544ffb5ffb..e992a1aa822 100644
--- a/drivers/bios_emulator/atibios.c
+++ b/drivers/bios_emulator/atibios.c
@@ -99,7 +99,7 @@ static int atibios_debug_mode(BE_VGAInfo *vga_info, RMREGS *regs,
regs->e.edi = buffer_adr;
info = buffer;
memset(info, '\0', sizeof(*info));
- strcpy(info->signature, "VBE2");
+ memcpy(info->signature, "VBE2", 4);
BE_int86(0x10, regs, regs);
if (regs->e.eax != 0x4f) {
debug("VESA_GET_INFO: error %x\n", regs->e.eax);
--
2.39.5
More information about the U-Boot
mailing list