[PATCH] boot: pxe_utils: Fix potential initrd_filesize buffer overflow
Francois Berder
fberder at outlook.fr
Fri May 15 22:35:03 CEST 2026
ulong is 64 bits on 64-bit platforms. Hence, simple_xtoa can
produce up to 16 hex characters + NULL byte. The initrd_filesize
buffer is only 10 bytes which can cause a buffer overflow on
every PXE boot that loads an initrd on an address greater than
4GB.
Increase buffer size to 17 bytes to hold the maximum hex
representation of a 64-bit address.
Signed-off-by: Francois Berder <fberder at outlook.fr>
---
boot/pxe_utils.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/boot/pxe_utils.c b/boot/pxe_utils.c
index 419ab1f1b0e..8c1310dabeb 100644
--- a/boot/pxe_utils.c
+++ b/boot/pxe_utils.c
@@ -546,7 +546,7 @@ static int label_boot(struct pxe_context *ctx, struct pxe_label *label)
char *zboot_argv[] = { "zboot", NULL, "0", NULL, NULL };
char *kernel_addr = NULL;
char *initrd_addr_str = NULL;
- char initrd_filesize[10];
+ char initrd_filesize[17];
char initrd_str[28];
char mac_str[29] = "";
char ip_str[68] = "";
--
2.43.0
More information about the U-Boot
mailing list