If the string is copied without NULL termination using strncpy(), then strncat() on the next line, may concatenate the string after some stale (or random) data, if the response string was not zero-initialized.
Signed-off-by: Dileep Katta dileep.katta@linaro.org --- common/fb_mmc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/common/fb_mmc.c b/common/fb_mmc.c index 3911989..73055cc 100644 --- a/common/fb_mmc.c +++ b/common/fb_mmc.c @@ -23,13 +23,13 @@ static char *response_str;
void fastboot_fail(const char *s) { - strncpy(response_str, "FAIL", 4); + strncpy(response_str, "FAIL\0", 5); strncat(response_str, s, RESPONSE_LEN - 4 - 1); }
void fastboot_okay(const char *s) { - strncpy(response_str, "OKAY", 4); + strncpy(response_str, "OKAY\0", 5); strncat(response_str, s, RESPONSE_LEN - 4 - 1); }