Hi Tom,
Yes, I think Rasmus is correct. I didn't have any real cases that can trigger the bug. So let's don't include this patch. I'll see if I can revert this in AOSP's branch.
Yours, Paul
Y
On Tue, 15 Aug 2023 at 22:42, Tom Rini trini@konsulko.com wrote:
On Thu, Mar 09, 2023 at 10:12:21AM +0800, Ying-Chun Liu (PaulLiu) wrote:
From: Tom Cherry tomcherry@google.com
vsnprintf_internal() adds 'size' to 'buf' and vsprintf() sets 'size' to 'INT_MAX' which can overflow. This causes sprintf() to fail when initializing the environment on 8GB.
Instead of using 'INT_MAX', we use SIZE_MAX - buf, which is the largest possible string that could fit without overflowing 'size'.
Signed-off-by: Tom Cherry tomcherry@google.com [ Paul: pick from the Android tree. Rebase to the upstream ] Signed-off-by: Ying-Chun Liu (PaulLiu) paul.liu@linaro.org Cc: Tom Rini trini@konsulko.com Link:
https://android.googlesource.com/platform/external/u-boot/+/43aae5d4415e0f9d...
So, this link here leads back to https://issuetracker.google.com/issues/200479053 which isn't public.
Rasmus followed up and asked pointed questions, that weren't followed up on.
-- Tom