[PATCH] board: nanopi2: fix bd_update_env() cmdline buffer overflow
Tom Rini
trini at konsulko.com
Tue Apr 14 01:35:52 CEST 2026
On Sat, 28 Mar 2026 12:15:48 +0700, Ngo Luong Thanh Tra wrote:
> Replace unbounded strcpy()/sprintf() calls with snprintf() and
> check the return value against remaining buffer capacity at each
> append step. The previous size guard did not account for
> subsequent dpi suffix, remaining bootargs tail, and bootdev
> token appends, allowing overflow when those later writes exceed
> the remaining space.
>
> [...]
Applied to u-boot/master, thanks!
[1/1] board: nanopi2: fix bd_update_env() cmdline buffer overflow
commit: 163d939b2839e156e58c234f07bf987228b91137
--
Tom
More information about the U-Boot
mailing list