[PATCH v3] boot: pxe_utils: Fix incorrect allocation of overlay_dir
Surkov Kirill
fanra3.tk at gmail.com
Thu Nov 20 20:18:47 CET 2025
The function label_boot_extension() calls snprintf on a buffer
overlay_dir. However, this buffer is not initialized properly. In the
"if" branch it is initialized using a variable "len", which is smaller
than the resulting buffer. In the "else" branch this variable is not
initialized at all. This results in a crash when calling a "sysboot"
command.
This commit fixes this issue.
Signed-off-by: Surkov Kirill <fanra3.tk at gmail.com>
---
boot/pxe_utils.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/boot/pxe_utils.c b/boot/pxe_utils.c
index 038416203fc..a2a9810a4cf 100644
--- a/boot/pxe_utils.c
+++ b/boot/pxe_utils.c
@@ -474,7 +474,7 @@ static void label_boot_extension(struct pxe_context *ctx,
slash = "";
dir_len = strlen(label->fdtdir) + strlen(slash) + 1;
- overlay_dir = calloc(1, len);
+ overlay_dir = calloc(1, dir_len);
if (!overlay_dir)
return;
@@ -482,6 +482,9 @@ static void label_boot_extension(struct pxe_context *ctx,
slash);
} else {
dir_len = 2;
+ overlay_dir = calloc(1, dir_len);
+ if (!overlay_dir)
+ return;
snprintf(overlay_dir, dir_len, "/");
}
--
2.43.0
More information about the U-Boot
mailing list