U-Boot TFTP OACK option parser reads past unterminated values

Tom Rini trini at konsulko.com
Thu May 28 17:47:45 CEST 2026


On Thu, May 28, 2026 at 03:46:51PM +0100, Josh Law wrote:
> On May 27, 2026 7:55:58 PM GMT+01:00, "Lee, Brian J"
> <hibrian827 at gatech.edu> wrote:
> >Thank you for the acknowledgements! I apologize that reproducing the PoC had
> >difficulties due to poor quality. I will make sure to improve that. Thank
> >you!
> >
> >Best regards,
> >Brian
> 
> Hey Brian, sorry for the unexpected email
> 
> 
> After playing with my server slightly, I got your script running :)
> 
> [run.sh] reusing existing
> /home/josh/stuff/u-boot/INT-tftp-uboot-short-ack-oob/INT-tftp-uboot-short-ack-oob/poc/source
> at
> 215496fec59b3fa09256b4fb62f92af46e2ec7f9
> ERROR: AddressSanitizer: heap-buffer-overflow
> 
> I've CCed more people who can help you here.

All,

I'm sorry if in the end it turns out I'm wrong here, but given all
of the public evidence:
https://lore.kernel.org/u-boot/c67720e2-bb73-43ab-9d75-851ef1f4afaf@kernel.org/
https://lore.kernel.org/u-boot/ahXPidpyl-qRMOkH@google.com/
https://lore.kernel.org/u-boot/64b5a656-d73d-4c72-95b1-3c843b18c2f1@digi.com/

I do not believe Josh Law is a human but rather some LLM agent. Please
disregard their feedback.

-- 
Tom