On 4/8/22 21:45, Sean Anderson wrote:
snprintf will not overrun the buffer, and will return the number of
characters which would have been printed (had the buffer been large
enough). This allows us to create the tmpfile name and check for
overflow in one pass.
Signed-off-by: Sean Anderson <[email protected]>
---
tools/fit_image.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/tools/fit_image.c b/tools/fit_image.c
index 1884a2eb0b..0d5a6a28f9 100644
--- a/tools/fit_image.c
+++ b/tools/fit_image.c
@@ -684,14 +684,13 @@ static int fit_handle_file(struct image_tool_params
*params)
debug ("FIT format handling\n");
/* call dtc to include binary properties into the tmp file */
- if (strlen (params->imagefile) +
- strlen (MKIMAGE_TMPFILE_SUFFIX) + 1 > sizeof (tmpfile)) {
+ if (snprintf(tmpfile, sizeof(tmpfile), "%s%s", params->imagefile,
+ MKIMAGE_TMPFILE_SUFFIX) >= sizeof(tmpfile)) {

params->imagefile is not a mere file name but a path to a file which may
be PATH_MAX (typically 4096) characters long. Don't impose a 256
character limit. Use PATH_MAX instead of any other limit.

Anyway, it would be better to avoid superfluous file operations and write
to the output file only.

Best regards

Heinrich

fprintf (stderr, "%s: Image file name (%s) too long, "
"can't create tmpfile.\n",
params->imagefile, params->cmdname);
return (EXIT_FAILURE);
}
- sprintf (tmpfile, "%s%s", params->imagefile, MKIMAGE_TMPFILE_SUFFIX);
/* We either compile the source file, or use the existing FIT image */
if (params->auto_its) {
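
Review bot: The new condition compares snprintf()'s int return value against sizeof(tmpfile), which is a size_t, so the `>=` is a mixed-sign comparison. A negative (error) return is only caught because the conversion to unsigned turns it into a very large value. Storing the result in a local int (say `ret`, a name used here for illustration) and testing `ret < 0 || ret >= (int)sizeof(tmpfile)` would make both failure cases explicit and keep -Wsign-compare quiet. Separately, in the unchanged error path the format string reads "%s: Image file name (%s) too long" while the arguments are passed as `params->imagefile, params->cmdname`, which looks swapped relative to the message; since the patch already touches this block, that could be corrected here or in a follow-up.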