On 15/05/2026 22:35, Francois Berder wrote: > ulong is 64 bits on 64-bit platforms. Hence, simple_xtoa can > produce up to 16 hex characters + NULL byte. The initrd_filesize > buffer is only 10 bytes which can cause a buffer overflow on > every PXE boot that loads an initrd on an address greater than > 4GB. > > Increase buffer size to 17 bytes to hold the maximum hex > representation of a 64-bit address. > > Signed-off-by: Francois Berder <[email protected]> > --- > boot/pxe_utils.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/boot/pxe_utils.c b/boot/pxe_utils.c > index 419ab1f1b0e..8c1310dabeb 100644 > --- a/boot/pxe_utils.c > +++ b/boot/pxe_utils.c > @@ -546,7 +546,7 @@ static int label_boot(struct pxe_context *ctx, struct > pxe_label *label) > char *zboot_argv[] = { "zboot", NULL, "0", NULL, NULL }; > char *kernel_addr = NULL; > char *initrd_addr_str = NULL; > - char initrd_filesize[10]; > + char initrd_filesize[17]; > char initrd_str[28]; > char mac_str[29] = ""; > char ip_str[68] = "";
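Review bot: The new size in `char initrd_filesize[17];` is a bare constant; since the commit message derives it from the width of ulong (16 hex characters plus the terminator), writing it as `sizeof(ulong) * 2 + 1` would keep the buffer tied to the type and record the reasoning at the declaration. The adjacent `char initrd_str[28];` in the same context is left unchanged: if it is built from this string together with a hex address, it is worth confirming in the same patch that 28 bytes still covers the 64-bit case. The commit message also speaks of an address above 4GB while the buffer is named initrd_filesize, so it should say which value is actually formatted into it.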
Reviewed-by: Jerome Forissier <[email protected]>

...and added to the net queue. Thanks!

--
Jerome

