Searched hist:f41fe7ae91193c9c8b964821c6fc8f9936a7d24b (Results 1 – 1 of 1) sorted by relevance
| /rk3399_rockchip-uboot/cmd/ |
| H A D | mtdparts.c | f41fe7ae91193c9c8b964821c6fc8f9936a7d24b Tue Jul 17 06:19:39 UTC 2018 Kay Potthoff <kaypotthoff@gmail.com> UPSTREAM: mtdparts: fixed buffer overflow bug
In the case that there was no name defined for a partition the
code assumes that name_len is 22 and therefore allocates exactly
that space for a dummy name. But the function sprintf() first
resolves "0x%08llx@0x%08llx" to a string that is longer than 22
bytes. This leads to a buffer overflow. The replacement function
snprintf() limits the copied bytes to name_len and therefore
avoids the buffer overflow.
Change-Id: I2ca3a23a2b056cfd80d19651b0f21b04048ac794
Signed-off-by: Kay Potthoff <Kay.Potthoff@microsys.de>
Signed-off-by: Jon Lin <jon.lin@rock-chips.com>
(cherry picked from commit 149c21b098dafc5a2ae619555a844e8d0a9523f6)
|