From mboxrd@z Thu Jan 1 00:00:00 1970
From: Mike Frysinger
Date: Tue, 10 Jan 2012 18:30:05 -0500
Subject: [U-Boot] [PATCH v2] bootm: Avoid 256-byte overflow in fixup_silent_linux()
In-Reply-To: <20120110222805.2A0AE1167AA4@gemini.denx.de>
References: <20111020144041.3ED5E14094B3@gemini.denx.de> <1319133298-30249-1-git-send-email-dianders@chromium.org> <20120110222805.2A0AE1167AA4@gemini.denx.de>
Message-ID: <201201101830.06499.vapier@gentoo.org>
List-Id:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: u-boot@lists.denx.de

On Tuesday 10 January 2012 17:28:05 Wolfgang Denk wrote:
> Doug Anderson wrote:
> > This makes fixup_silent_linux() use malloc() to allocate its
> > working space, meaning that our maximum kernel command line
> > should only be limited by malloc(). Previously it was silently
> > overflowing the stack.
>
> ...
>
> > static void fixup_silent_linux(void)
> > {
> >
> > - char buf[256], *start, *end;
>
> Are you sure that the kernel's buffer is long enough?
>
> For example on PowerPC, there is a current hard limit on 512
> characters:
>
> arch/powerpc/boot/ops.h:#define COMMAND_LINE_SIZE 512
> arch/powerpc/kernel/setup-common.c:char cmd_line[COMMAND_LINE_SIZE];
>
> On SPARC, we have 256 bytes hard limit, see arch/sparc/prom/bootstr_64.c:
>
> #define BARG_LEN 256
> ...
> prom_getstring(prom_chosen_node, "bootargs",
>                bootstr_info.bootstr_buf, BARG_LEN);

i think this does len checking ...

> I think your patch is likely to break all these architectures?

i don't know about others, but on Blackfin, we don't care. we just copy the
first COMMAND_LINE_SIZE bytes out and ignore the rest.
-mike
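The two sides of the length question raised in this thread, as an added example that is not part of the original message and is not U-Boot or kernel code: a producer that sizes its working buffer from the input instead of using a fixed `char buf[256]`, and a consumer that copies at most a fixed number of bytes and ignores the rest. The function names `silence_console` and `copy_cmdline`, and the rule of emptying the `console=` argument, are assumptions made for illustration; `COMMAND_LINE_SIZE 512` is the PowerPC value quoted above.

```c
#include <stdlib.h>
#include <string.h>

#define COMMAND_LINE_SIZE 512   /* PowerPC limit quoted in the thread */

/* Hypothetical producer: return a heap copy of bootargs in which the
 * "console=" argument is emptied (or appended if absent). The buffer is
 * sized from the input, so no input length can overflow it. */
char *silence_console(const char *bootargs)
{
    const char *key = "console=";
    size_t len = bootargs ? strlen(bootargs) : 0;
    /* Worst case: whole input + ' ' + "console=" + NUL. */
    char *buf = malloc(len + 1 + strlen(key) + 1);
    const char *start = bootargs ? strstr(bootargs, key) : NULL;

    if (!buf)
        return NULL;                 /* caller must handle allocation failure */
    if (start) {
        const char *end = strchr(start, ' ');
        size_t head = (size_t)(start - bootargs) + strlen(key);
        memcpy(buf, bootargs, head); /* everything up to and including "console=" */
        strcpy(buf + head, end ? end : "");
    } else if (len) {
        memcpy(buf, bootargs, len);
        strcpy(buf + len, " console=");
    } else {
        strcpy(buf, key);
    }
    return buf;
}

/* Hypothetical consumer: copy at most size-1 bytes into a fixed buffer,
 * always NUL-terminate, and return 1 if the source was truncated. */
int copy_cmdline(char *dst, size_t size, const char *src)
{
    size_t n = strlen(src);
    int truncated = n >= size;

    if (size == 0)
        return 1;
    if (truncated)
        n = size - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return truncated;
}
```

Returning the truncation flag lets the caller log a dropped tail rather than silently booting with a shortened command line.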