summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHeinrich Schuchardt <xypron.glpk@gmx.de>2019-04-26 18:39:00 +0200
committerTom Rini <trini@konsulko.com>2019-05-05 08:48:50 -0400
commit6c74e94a6529625845557aa5fc2041f7355ba02a (patch)
tree3ee2fcf5eba59f4d75f642e96c8f7f7a11bebc36
parented885e752f3fdf4d0015362be60c6f259582a15f (diff)
downloadu-boot-6c74e94a6529625845557aa5fc2041f7355ba02a.tar.gz
lib/display_options: avoid illegal memory access
display_options_get_banner_priv() overwrites bytes before the start of the buffer if the buffer size is less then 3. This case occurs in the Sandbox when executing the `ut_print` command. Correctly handle small buffer sizes. Adjust the print unit test to catch when bytes before the buffer are overwritten. Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Reviewed-by: Simon Glass <sjg@chromium.org>
-rw-r--r--lib/display_options.c4
-rw-r--r--test/print_ut.c20
2 files changed, 15 insertions, 9 deletions
diff --git a/lib/display_options.c b/lib/display_options.c
index af1802ef99..cff20f3755 100644
--- a/lib/display_options.c
+++ b/lib/display_options.c
@@ -23,7 +23,9 @@ char *display_options_get_banner_priv(bool newlines, const char *build_tag,
build_tag);
if (len > size - 3)
len = size - 3;
- strcpy(buf + len, "\n\n");
+ if (len < 0)
+ len = 0;
+ snprintf(buf + len, size - len, "\n\n");
return buf;
}
diff --git a/test/print_ut.c b/test/print_ut.c
index f0f1d6010a..0bc548dca8 100644
--- a/test/print_ut.c
+++ b/test/print_ut.c
@@ -79,14 +79,18 @@ static int do_ut_print(cmd_tbl_t *cmdtp, int flag, int argc,
assert(s == str);
assert(!strcmp("\n\nU-Boo\n\n", s));
- s = display_options_get_banner(true, str, 1);
- assert(s == str);
- assert(!strcmp("", s));
-
- s = display_options_get_banner(true, str, 2);
- assert(s == str);
- assert(!strcmp("\n", s));
-
+ /* Assert that we do not overwrite memory before the buffer */
+ str[0] = '`';
+ s = display_options_get_banner(true, str + 1, 1);
+ assert(s == str + 1);
+ assert(!strcmp("`", str));
+
+ str[0] = '~';
+ s = display_options_get_banner(true, str + 1, 2);
+ assert(s == str + 1);
+ assert(!strcmp("~\n", str));
+
+ /* The last two characters are set to \n\n for all buffer sizes > 2 */
s = display_options_get_banner(false, str, sizeof(str));
assert(s == str);
assert(!strcmp("U-Boot \n\n", s));