Hi Lukasz,
On Wed, Jul 25, 2018 at 12:22 AM, Lukasz Majewski lukma@denx.de wrote:
Hi Sam,
On Sat, Jun 30, 2018 at 7:20 AM, Simon Glass sjg@chromium.org wrote:
On 29 June 2018 at 11:59, Sam Protsenko semen.protsenko@linaro.org wrote:
In case when user provides '-' as USB controller index, like this:
=> fastboot -data abort occurs in strcmp() function in do_fastboot(), here:
if (!strcmp(argv[1], "udp"))(tested on BeagleBone Black).
That's because argv[1] is NULL when user types in the '-', and null pointer dereference occurs in strcmp() (which is ok according to C standard specification). So we must validate user input to prevent such behavior.
While at it, check also the result of strtoul() function and handle error cases properly.
Signed-off-by: Sam Protsenko semen.protsenko@linaro.org
Changes for v2:
- replace argv check with argc check
- add mentioning of testing platform in commit message
cmd/fastboot.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-)
Reviewed-by: Simon Glass sjg@chromium.org
Hi Lukasz,
Can you please review and merge?
I've noticed that I was not CC'ed, so I've missed the patch from the mailing list. You may consider using patman for sending patches (which adds recipients automatically).
The patch itself seems OK - thanks.
Reviewed-by: Lukasz Majewski lukma@denx.de
I've added it to u-boot-dfu tree. Lets wait for Travis-CI output.
u-boot-usb was merged into master recently, but this patch is still missing in master. Can you please check that for me, I'm afraid it could have been lost...
Thanks!
Thanks!
Best regards,
Lukasz Majewski
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd@denx.de