Hi Heinrich, On 4/8/22 4:25 PM, Heinrich Schuchardt wrote: > On 4/8/22 21:45, Sean Anderson wrote: >> snprintf will not overrun the buffer, and will return the number of >> characters which would have been printed (had the buffer been large >> enough). This allows us to create the tmpfile name and check for >> overflow in one pass. >> >> Signed-off-by: Sean Anderson <[email protected]> >> --- >> >> tools/fit_image.c | 5 ++--- >> 1 file changed, 2 insertions(+), 3 deletions(-) >> >> diff --git a/tools/fit_image.c b/tools/fit_image.c >> index 1884a2eb0b..0d5a6a28f9 100644 >> --- a/tools/fit_image.c >> +++ b/tools/fit_image.c >> @@ -684,14 +684,13 @@ static int fit_handle_file(struct image_tool_params >> *params) >> debug ("FIT format handling\n"); >> >> /* call dtc to include binary properties into the tmp file */ >> - if (strlen (params->imagefile) + >> - strlen (MKIMAGE_TMPFILE_SUFFIX) + 1 > sizeof (tmpfile)) { >> + if (snprintf(tmpfile, sizeof(tmpfile), "%s%s", params->imagefile, >> + MKIMAGE_TMPFILE_SUFFIX) >= sizeof(tmpfile)) { > > params->imagefile is not a mere file name but a path to a file which may > be PATH_MAX (typically 4096) characters long. Don't impose a 256 > character limit. Use PATH_MAX instead of any other limit.
Send a patch to change MKIMAGE_MAX_TMPFILE_LEN to PATH_MAX :) > Anyway it would be better to avoid superfluous file operations and write > to the output file only. Yes, probably, but I don't have time to refactor it right now. --Sean
