dany/u-boot-megous
1
0
Fork 0
mirror of https://xff.cz/git/u-boot/ synced 2025-09-01 08:42:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

lib/display_options: avoid illegal memory access

Browse Source 
display_options_get_banner_priv() overwrites bytes before the start of the
buffer if the buffer size is less then 3. This case occurs in the Sandbox
when executing the `ut_print` command.

Correctly handle small buffer sizes. Adjust the print unit test to catch
when bytes before the buffer are overwritten.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
This commit is contained in:
Heinrich Schuchardt
2019-04-26 18:39:00 +02:00
committed by Tom Rini
parent ed885e752f
commit 6c74e94a65
2 changed files with 13 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
test/print_ut.c
View File

@@ -79,14 +79,18 @@ static int do_ut_print(cmd_tbl_t *cmdtp, int flag, int argc,
assert(s == str);
assert(!strcmp("\n\nU-Boo\n\n", s));
s = display_options_get_banner(true, str, 1);
assert(s == str);
assert(!strcmp("", s));
/* Assert that we do not overwrite memory before the buffer */
str[0] = '`';
s = display_options_get_banner(true, str + 1, 1);
assert(s == str + 1);
assert(!strcmp("`", str));
s = display_options_get_banner(true, str, 2);
assert(s == str);
assert(!strcmp("\n", s));
str[0] = '~';
s = display_options_get_banner(true, str + 1, 2);
assert(s == str + 1);
assert(!strcmp("~\n", str));
/* The last two characters are set to \n\n for all buffer sizes > 2 */
s = display_options_get_banner(false, str, sizeof(str));
assert(s == str);
assert(!strcmp("U-Boot \n\n", s));