Hi Anatolij,

On Tuesday 23 February 2010 16:18:30 Anatolij Gustschin wrote:

The length of configured MTDPARTS_DEFAULT string could be greater than console printbuffer size. Replace printf() by puts() to avoid potential buffer overflows.

Signed-off-by: Anatolij Gustschin agust@denx.de

Changes since v1:

• use puts() instead of printf() as suggested by Wolfgang.

common/cmd_mtdparts.c | 5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/common/cmd_mtdparts.c b/common/cmd_mtdparts.c index b375fea..0fd5ce2 100644 --- a/common/cmd_mtdparts.c +++ b/common/cmd_mtdparts.c @@ -1254,8 +1254,9 @@ static void list_partitions(void) printf("\ndefaults:\n"); printf("mtdids : %s\n", mtdids_default ? mtdids_default : "none");

• printf("mtdparts: %s\n",

• mtdparts_default ? mtdparts_default : "none");
  

• puts("mtdparts: ");
• puts(mtdparts_default ? mtdparts_default : "none");
• puts("\n");

It might make sense to add a comment here, describing why you use these puts() calls instead of one printf(). Otherwise somebody else might trip into this problem again in a later time.

Cheers, Stefan

-- DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-0 Fax: (+49)-8142-66989-80 Email: office@denx.de