[PATCH v2] common: cli_hush: fix console_buffer overflow on boot retry

[Simon Glass]

Hi,

On 2026-03-31T03:25:11, Ngo Luong Thanh Tra <ngotra27101996 at gmail.com> wrote:
> common: cli_hush: fix console_buffer overflow on boot retry
>
> Add const_strcpy() macro to <linux/build_bug.h> that enforces at
> compile time that the destination is a char array (not a pointer),
> the source is a string literal, and the source fits in the
> destination including the NUL terminator. It uses __builtin_strcpy()
> so the compiler can optimize the copy.
>
> Fix the console_buffer extern declaration in <console.h> to include
> the array size so that sizeof(console_buffer) is valid at call sites.
>
> Replace the unbounded strcpy() in cli_hush.c with const_strcpy() to
> catch at compile time any configuration where CONFIG_SYS_CBSIZE is
> smaller than the boot retry command string.
>
> Fixes: 657e19f8f2dd ("cli_hush: support running bootcmd on boot retry")
> Signed-off-by: Ngo Luong Thanh Tra <S4210155 at student.rmit.edu.au>
> To: u-boot at lists.denx.de
> Reviewed-by: Alexander Sverdlin <alexander.sverdlin at siemens.com>

> diff --git a/include/linux/build_bug.h b/include/linux/build_bug.h
> @@ -76,4 +76,27 @@
> +#define const_strcpy(d, s) ({                                                \
> +     BUILD_BUG_ON(__builtin_types_compatible_p(typeof(d), char *));  \

The macro checks that d is not char * but not const char * so if
someone passes a const char array, the first BUILD_BUG_ON passes
(since const char[] becomes const char *, not char *), but
__builtin_strcpy() would still fail because it cannot write to const
memory. The error message would be less clear though.

How about a check for const char * as well:

    BUILD_BUG_ON(__builtin_types_compatible_p(typeof(d), char *));
    BUILD_BUG_ON(__builtin_types_compatible_p(typeof(d), const char *));

Regards,
Simon