[PATCH] boot: pxe_utils: Fix potential initrd_filesize buffer overflow
Jerome Forissier
jerome.forissier at arm.com
Tue May 19 11:31:51 CEST 2026
On 15/05/2026 22:35, Francois Berder wrote:
> ulong is 64 bits on 64-bit platforms. Hence, simple_xtoa can
> produce up to 16 hex characters + NULL byte. The initrd_filesize
> buffer is only 10 bytes which can cause a buffer overflow on
> every PXE boot that loads an initrd on an address greater than
> 4GB.
>
> Increase buffer size to 17 bytes to hold the maximum hex
> representation of a 64-bit address.
>
> Signed-off-by: Francois Berder <fberder at outlook.fr>
> ---
> boot/pxe_utils.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/boot/pxe_utils.c b/boot/pxe_utils.c
> index 419ab1f1b0e..8c1310dabeb 100644
> --- a/boot/pxe_utils.c
> +++ b/boot/pxe_utils.c
> @@ -546,7 +546,7 @@ static int label_boot(struct pxe_context *ctx, struct pxe_label *label)
> char *zboot_argv[] = { "zboot", NULL, "0", NULL, NULL };
> char *kernel_addr = NULL;
> char *initrd_addr_str = NULL;
> - char initrd_filesize[10];
> + char initrd_filesize[17];
> char initrd_str[28];
> char mac_str[29] = "";
> char ip_str[68] = "";
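Review bot: the neighbouring `char initrd_str[28];` in the context lines stays at 28 bytes while `initrd_filesize` grows to 17. If that buffer is later built from the initrd address together with this size string (that code is not visible in this hunk), it deserves the same 64-bit check, because two 16-digit hex values plus a separator and the terminator would not fit in 28 bytes. On the changed line itself, 17 is a bare constant; deriving it from the type, for example `sizeof(ulong) * 2 + 1`, or adding a one-line comment would keep the bound tied to what simple_xtoa can produce.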
Reviewed-by: Jerome Forissier <jerome.forissier at arm.com>
...and added to the net queue. Thanks!
--
Jerome