From mboxrd@z Thu Jan 1 00:00:00 1970 From: Mike Frysinger Date: Sat, 14 Jan 2012 20:32:50 -0500 Subject: [U-Boot] [PATCH v2] bootm: Avoid 256-byte overflow in fixup_silent_linux() In-Reply-To: <1326305992-27939-1-git-send-email-dianders@chromium.org> References: <1319063459-4804-4-git-send-email-dianders@chromium.org> <1326305992-27939-1-git-send-email-dianders@chromium.org> Message-ID: <201201142032.51112.vapier@gentoo.org> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de On Wednesday 11 January 2012 13:19:52 Doug Anderson wrote: > + if (cmdline && (cmdline[0] != '\0')) { > + char *start = strstr(cmdline, CONSOLE_ARG); > + > if (start) { > - end = strchr(start, ' '); > - strncpy(buf, cmdline, (start - cmdline + 8)); > + char *end = strchr(start, ' '); > + int num_start_bytes = start - cmdline + CONSOLE_ARG_LEN; > + > + strncpy(buf, cmdline, num_start_bytes); > if (end) > - strcpy(buf + (start - cmdline + 8), end); > + strcpy(buf + num_start_bytes, end); > else > - buf[start - cmdline + 8] = '\0'; > + buf[num_start_bytes] = '\0'; > } else { > - strcpy(buf, cmdline); > - strcat(buf, " console="); > + sprintf(buf, "%s %s", cmdline, CONSOLE_ARG); > } > } else { > - strcpy(buf, "console="); > + buf = strdup(CONSOLE_ARG); > + if (!buf) { > + debug("%s: strdup failed\n", __func__); > + return; > + } > } > > setenv("bootargs", buf); > debug("after silent fix-up: %s\n", buf); > + free(buf); seems like the strdup() in the else branch is unnecessary. const char *env_val; ... if (cmdline && (cmdline[0] != '\0')) { ... env_val = buf; } else { buf = NULL; env_val = "console="; } setenv("bootargs", env_val); debug("after silent fix-up: %s\n", env_val); free(buf); -mike -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 836 bytes Desc: This is a digitally signed message part. URL:
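Review bot: the `sprintf(buf, "%s %s", cmdline, CONSOLE_ARG)` in the branch taken when no `console=` is found is an unbounded write of strlen(cmdline) + 1 + strlen(CONSOLE_ARG) + 1 bytes, and the quoted lines do not show how buf is sized, so the overflow fix only holds if the allocation covers that worst case. The `strncpy`/`strcpy` pair in the `if (start)` branch is likewise unbounded and can write up to strlen(cmdline) + 1 bytes. Consider bounding these writes by the allocated size, or adding a comment at the allocation stating the worst case it is sized for. Separately, the early `return` on strdup failure skips `setenv("bootargs", buf)` altogether, so the silent fix-up is dropped with only a debug message; avoiding the allocation in that branch, as the reply proposes, removes that failure path.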