On 11/13/25 10:33, Kory Maincent wrote:
From: "Kory Maincent (TI.com)" <[email protected]>
Fix two memory allocation bugs in label_boot_extension():
1. When label->fdtdir is not set, overlay_dir was used without any
memory allocation.
2. When label->fdtdir is set, the allocation size was incorrect,
using 'len' (just the fdtdir length) instead of 'dir_len' (which
includes the trailing slash and null terminator).
Resolve both issues by moving the memory allocation and string
formatting outside the conditional block, resulting in clearer code
flow and correct sizing in all cases.
Closes: https://lists.denx.de/pipermail/u-boot/2025-November/602892.html
Fixes: 935109cd9e97 ("boot: pxe_utils: Add extension board devicetree overlay
support")
Signed-off-by: Kory Maincent (TI.com) <[email protected]>
Please, add
Addresses-Coverity-ID: 638558 Memory - illegal accesses (UNINIT)
so that we know that the Coverity issue is resolved.
---
Change in v2:
- Extract calloc and snprintf of the if condition.
---
boot/pxe_utils.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/boot/pxe_utils.c b/boot/pxe_utils.c
index 038416203fc..7549a93bdad 100644
--- a/boot/pxe_utils.c
+++ b/boot/pxe_utils.c
@@ -473,18 +473,18 @@ static void label_boot_extension(struct pxe_context *ctx,
else
slash = "";
- dir_len = strlen(label->fdtdir) + strlen(slash) + 1;
- overlay_dir = calloc(1, len);
- if (!overlay_dir)
- return;
-
- snprintf(overlay_dir, dir_len, "%s%s", label->fdtdir,
- slash);
+ dir_len = len + strlen(slash) + 1;
This line could be moved after the else branch to simplify the code by
avoiding separate assignments to dir_len.
Best regards
Heinrich
} else {
dir_len = 2;
- snprintf(overlay_dir, dir_len, "/");
+ slash = "/";
}
+ overlay_dir = calloc(1, dir_len);
+ if (!overlay_dir)
+ return;
+
+ snprintf(overlay_dir, dir_len, "%s%s", label->fdtdir ?: "", slash);
+
alist_for_each(extension, extension_list) {
char *overlay_file;
ulong size;
