On Tue, Jul 17, 2018 at 08:19:39AM +0200, Kay Potthoff wrote:

> In the case that there was no name defined for a partition the
> code assumes that name_len is 22 and therefore allocates exactly
> that space for a dummy name. But the function sprintf() first
> resolves "0x%08llx@0x%08llx" to a string that is longer than 22
> bytes. This leads to a buffer overflow. The replacement function
> snprintf() limits the copied bytes to name_len and therefore
> avoids the buffer overflow.
>
> Signed-off-by: Kay Potthoff <[email protected]>

Applied to u-boot/master, thanks!

--
Tom
_______________________________________________
U-Boot mailing list
[email protected]
https://lists.denx.de/listinfo/u-boot
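
The length arithmetic behind the commit message above, as an added example that is not part of the original mail or of U-Boot's code: `%08llx` sets a minimum width, not a maximum, so the dummy name is 21 characters plus NUL only while both values fit in 32 bits. The parameter names `size` and `offset` and both helper functions are assumptions made for illustration; only the format string and the 22-byte length come from the message.

```c
#include <stdio.h>
#include <string.h>

#define DUMMY_NAME_LEN 22 /* buffer size quoted in the commit message */
#define DUMMY_NAME_FMT "0x%08llx@0x%08llx" /* format string quoted there */

/* Hypothetical helper: bytes needed for the dummy name, including the NUL.
 * snprintf(NULL, 0, ...) writes nothing and returns the would-be length. */
static int dummy_name_needed(unsigned long long size, unsigned long long offset)
{
    return snprintf(NULL, 0, DUMMY_NAME_FMT, size, offset) + 1;
}

/* Hypothetical helper: bounded formatting. Returns 0 if the name fit,
 * 1 if it was truncated, -1 on an output error. On success or truncation
 * buf is NUL-terminated when len > 0. */
static int format_dummy_name(char *buf, size_t len,
                             unsigned long long size, unsigned long long offset)
{
    int n = snprintf(buf, len, DUMMY_NAME_FMT, size, offset);
    if (n < 0)
        return -1;
    return (size_t)n >= len ? 1 : 0;
}

int main(void)
{
    /* Constructed sample values: (size, offset) pairs. */
    const unsigned long long samples[][2] = {
        { 0x00100000ULL, 0x00200000ULL },   /* both fit in 32 bits */
        { 0x100000000ULL, 0x0ULL },         /* size needs 9 hex digits */
    };
    char name[DUMMY_NAME_LEN];

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int need = dummy_name_needed(samples[i][0], samples[i][1]);
        int rc = format_dummy_name(name, sizeof(name),
                                   samples[i][0], samples[i][1]);
        printf("need=%d bytes, have=%d, truncated=%d, name=%s\n",
               need, DUMMY_NAME_LEN, rc, name);
    }
    return 0;
}
```

snprintf() keeps the write inside the buffer but truncates silently, so a caller that depends on the full name should check the return value as `format_dummy_name()` does.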

