[U-Boot-Users] Buffer overflow in print_data() in ft_build.c
9 Oct
2006
9 Oct
'06
12:26 p.m.
Hi!
In print_data() in ft_build.c, printf() is used to print strings of arbitrary length from the device tree, which will cause a buffer overflow that crashes U-Boot if any of these strings is longer than CFG_PBSIZE.
(I encountered this while debugging my flat device tree while having a very long kernel parameter line.)
The attached patch changes print_data() to use puts() instead, which doesn't have the buffer overflow problem.
Cheers // Fredrik Roubert
--
Visserij 192 | +32 473 344527 / +46 708 776974
BE-9000 Gent | http://www.df.lth.se/~roubert/
diff -ur u-boot-2006-06-30-2020.orig/common/ft_build.c u-boot-2006-06-30-2020/common/ft_build.c
--- u-boot-2006-06-30-2020.orig/common/ft_build.c 2006-06-30 20:16:37.000000000 +0200
+++ u-boot-2006-06-30-2020/common/ft_build.c 2006-10-09 12:12:56.000000000 +0200
@@ -293,7 +293,9 @@
return;
if (is_printable_string(data, len)) {
- printf(" = "%s"", (char *)data);
+ puts(" = "");
+ puts(data);
+ puts(""");
return;
}
9 Oct
9 Oct
12:51 p.m.
In message 20061009102605.GA4171@igloo.df.lth.se you wrote:
The attached patch changes print_data() to use puts() instead, which doesn't have the buffer overflow problem.
Applied, thanks. But please provide a proper CHANGELOG entry next time.
Best regards,
Wolfgang Denk
--
Software Engineering: Embedded and Realtime Systems, Embedded Linux
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd@denx.de
A Puritan is someone who is deathly afraid that someone, somewhere,
is having fun.
6785
Age (days ago)
6785
Last active (days ago)
1 comments
2 participants
participants (2)
-
Fredrik Roubert -
Wolfgang Denk