[PATCH] cmd: upl: fix off-by-one argc check in do_upl_read
Naveen Kumar Chaudhary
naveen.osdev at gmail.com
Fri Jun 26 05:49:18 CEST 2026
do_upl_read() guards against missing arguments with "argc < 1", but
argc always counts argv[0] (the command name) so that condition is
never true. The function then unconditionally dereferences argv[1],
which is out of bounds when the user runs "upl read" with no address
argument and feeds garbage into hextoul()/map_sysmem().
Use "argc < 2" so the address argument is actually required.
Fixes: 264f4b0b34c ("upl: Add a command")
Signed-off-by: Naveen Kumar Chaudhary <naveen.osdev at gmail.com>
---
cmd/upl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cmd/upl.c b/cmd/upl.c
index ef2183d8528..be21ec258cb 100644
--- a/cmd/upl.c
+++ b/cmd/upl.c
@@ -93,7 +93,7 @@ static int do_upl_read(struct cmd_tbl *cmdtp, int flag, int argc,
ulong addr;
int ret;
- if (argc < 1)
+ if (argc < 2)
return CMD_RET_USAGE;
addr = hextoul(argv[1], NULL);
--
2.43.0
More information about the U-Boot
mailing list