[PATCH 1/3] board: samsung: fix set_board_info() board_name buffer overflow

Sat Mar 28 07:01:31 CET 2026

Replace unbounded sprintf() with snprintf() using sizeof(info) as
the bound when constructing the board_name string from bdname and
bdtype. The previous call had no size limit and could overflow the
64-byte stack buffer if the concatenated string exceeded 63 bytes.

Fixes: c9c36bf56e4c ("samsung: misc: use board specific functions to set env board info")
Signed-off-by: Ngo Luong Thanh Tra <S4210155 at student.rmit.edu.au>
To: u-boot at lists.denx.de
---

 board/samsung/common/misc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/board/samsung/common/misc.c b/board/samsung/common/misc.c
index c134a9d70e2..6718f607875 100644
--- a/board/samsung/common/misc.c
+++ b/board/samsung/common/misc.c
@@ -104,7 +104,7 @@ void set_board_info(void)
 	if (!bdtype)
 		bdtype = "";
 
-	sprintf(info, "%s%s", bdname, bdtype);
+	snprintf(info, sizeof(info), "%s%s", bdname, bdtype);
 	env_set("board_name", info);
 #endif
 	snprintf(info, ARRAY_SIZE(info),  "%s%x-%s%s.dtb",
-- 
2.53.0

base-commit: c704af3c8b0f37929bce8c2a4bba27d6e89919c7
branch: fix/sys-cbsize-overflow-series
