[PATCH] mkimage: fit: Simplify tmpfile name calculation
snprintf will not overrun the buffer, and will return the number of characters which would have been printed (had the buffer been large enough). This allows us to create the tmpfile name and check for overflow in one pass.
Signed-off-by: Sean Anderson sean.anderson@seco.com ---
tools/fit_image.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/tools/fit_image.c b/tools/fit_image.c index 1884a2eb0b..0d5a6a28f9 100644 --- a/tools/fit_image.c +++ b/tools/fit_image.c @@ -684,14 +684,13 @@ static int fit_handle_file(struct image_tool_params *params) debug ("FIT format handling\n");
/* call dtc to include binary properties into the tmp file */ - if (strlen (params->imagefile) + - strlen (MKIMAGE_TMPFILE_SUFFIX) + 1 > sizeof (tmpfile)) { + if (snprintf(tmpfile, sizeof(tmpfile), "%s%s", params->imagefile, + MKIMAGE_TMPFILE_SUFFIX) >= sizeof(tmpfile)) { fprintf (stderr, "%s: Image file name (%s) too long, " "can't create tmpfile.\n", params->imagefile, params->cmdname); return (EXIT_FAILURE); } - sprintf (tmpfile, "%s%s", params->imagefile, MKIMAGE_TMPFILE_SUFFIX);
/* We either compile the source file, or use the existing FIT image */ if (params->auto_its) {
On 4/8/22 21:45, Sean Anderson wrote:
snprintf will not overrun the buffer, and will return the number of characters which would have been printed (had the buffer been large enough). This allows us to create the tmpfile name and check for overflow in one pass.
Signed-off-by: Sean Anderson sean.anderson@seco.com
tools/fit_image.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/tools/fit_image.c b/tools/fit_image.c index 1884a2eb0b..0d5a6a28f9 100644 --- a/tools/fit_image.c +++ b/tools/fit_image.c @@ -684,14 +684,13 @@ static int fit_handle_file(struct image_tool_params *params) debug ("FIT format handling\n");
/* call dtc to include binary properties into the tmp file */
- if (strlen (params->imagefile) +
strlen (MKIMAGE_TMPFILE_SUFFIX) + 1 > sizeof (tmpfile)) {
- if (snprintf(tmpfile, sizeof(tmpfile), "%s%s", params->imagefile,
MKIMAGE_TMPFILE_SUFFIX) >= sizeof(tmpfile)) {
params->imagefile is not a mere file name but a path to a file which may be PATH_MAX (typically 4096) characters long. Don't impose a 256 character limit. Use PATH_MAX instead of any other limit.
Anyway it would be better to avoid superfluous file operations and write to the output file only.
Best regards
Heinrich
fprintf (stderr, "%s: Image file name (%s) too long, " "can't create tmpfile.\n", params->imagefile, params->cmdname); return (EXIT_FAILURE);}
sprintf (tmpfile, "%s%s", params->imagefile, MKIMAGE_TMPFILE_SUFFIX);
/* We either compile the source file, or use the existing FIT image */ if (params->auto_its) {
Hi Heinrich,
On 4/8/22 4:25 PM, Heinrich Schuchardt wrote:
On 4/8/22 21:45, Sean Anderson wrote:
snprintf will not overrun the buffer, and will return the number of characters which would have been printed (had the buffer been large enough). This allows us to create the tmpfile name and check for overflow in one pass.
Signed-off-by: Sean Anderson sean.anderson@seco.com
tools/fit_image.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/tools/fit_image.c b/tools/fit_image.c index 1884a2eb0b..0d5a6a28f9 100644 --- a/tools/fit_image.c +++ b/tools/fit_image.c @@ -684,14 +684,13 @@ static int fit_handle_file(struct image_tool_params *params) debug ("FIT format handling\n");
/* call dtc to include binary properties into the tmp file */ - if (strlen (params->imagefile) + - strlen (MKIMAGE_TMPFILE_SUFFIX) + 1 > sizeof (tmpfile)) { + if (snprintf(tmpfile, sizeof(tmpfile), "%s%s", params->imagefile, + MKIMAGE_TMPFILE_SUFFIX) >= sizeof(tmpfile)) {
params->imagefile is not a mere file name but a path to a file which may be PATH_MAX (typically 4096) characters long. Don't impose a 256 character limit. Use PATH_MAX instead of any other limit.
Send a patch to change MKIMAGE_MAX_TMPFILE_LEN to PATH_MAX :)
Anyway it would be better to avoid superfluous file operations and write to the output file only.
Yes, probably, but I don't have time to refactor it right now.
--Sean
participants (2)
-
Heinrich Schuchardt -
Sean Anderson