[PATCH v1 1/2] tools: mkimage: fix get_basename crash on paths with dotted directories
Quentin Schulz
quentin.schulz at cherry.de
Thu May 21 11:12:34 CEST 2026
Hi Aristo,
On 5/21/26 4:34 AM, Aristo Chen wrote:
> The get_basename() helper in tools/fit_image.c searches the entire input
> path for the last '/' and the last '.' independently. When the last '.'
> falls at an offset earlier than the last '/' (for example "./mydt",
> "a.b/c", or "sub.d/leaf"), 'end' points before 'start' and the computed
> length is negative. The subsequent size check uses signed comparison so
> the negative value passes through unchanged, and memcpy() is then called
> with that length implicitly cast to size_t, which segfaults.
>
> Restrict the dot search to the substring that follows the last slash so
> that only an extension in the filename component can become the end of
> the basename. This matches the function's stated intent of stripping an
> extension from the leaf, and keeps the existing behaviour for typical
> inputs such as "arch/arm/dts/foo.dtb".
>
> Reproducer that previously segfaulted and now produces a valid image:
>
> echo dummy > kernel.bin
> echo dummy > ./mydt
> ./tools/mkimage -f auto -A arm -O linux -T kernel -C none \
> -a 0x80000000 -e 0x80000000 -n test \
> -d kernel.bin -b ./mydt out.itb
>
> Signed-off-by: Aristo Chen <aristo.chen at canonical.com>
Reviewed-by: Quentin Schulz <quentin.schulz at cherry.de>
Thanks!
Quentin
More information about the U-Boot
mailing list