[U-Boot-Users] Buffer overflow in print_data() in ft_build.c

9 Oct 2006

Hi!
In print_data() in ft_build.c, printf() is used to print strings of
arbitrary length from the device tree, which will cause a buffer
overflow that crashes U-Boot if any of these strings is longer than
CFG_PBSIZE.
(I encountered this while debugging my flat device tree while having a
very long kernel parameter line.)
The attached patch changes print_data() to use puts() instead, which
doesn't have the buffer overflow problem.
Cheers // Fredrik Roubert
-- 
Visserij 192  |  +32 473 344527 / +46 708 776974
BE-9000 Gent  |  http://www.df.lth.se/~roubert/

diff -ur u-boot-2006-06-30-2020.orig/common/ft_build.c u-boot-2006-06-30-2020/common/ft_build.c

--- u-boot-2006-06-30-2020.orig/common/ft_build.c	2006-06-30 20:16:37.000000000 +0200
+++ u-boot-2006-06-30-2020/common/ft_build.c	2006-10-09 12:12:56.000000000 +0200
@@ -293,7 +293,9 @@
    	return;

    if (is_printable_string(data, len)) {
-		printf(" = "%s"", (char *)data);
+		puts(" = "");
+		puts(data);
+		puts(""");
    	return;
    }


    