Skip to content
Snippets Groups Projects
Commit 149c21b0 authored by Kay Potthoff's avatar Kay Potthoff Committed by Tom Rini
Browse files

mtdparts: fixed buffer overflow bug 


In the case that there was no name defined for a partition the
code assumes that name_len is 22 and therefore allocates exactly
that space for a dummy name. But the function sprintf() first
resolves "0x%08llx@0x%08llx" to a string that is longer than 22
bytes. This leads to a buffer overflow. The replacement function
snprintf() limits the copied bytes to name_len and therefore
avoids the buffer overflow.

Signed-off-by: default avatarKay Potthoff <Kay.Potthoff@microsys.de>
parent 4807c40c
No related branches found
No related tags found
Hide whitespace changes
Inline Side-by-side
Showing
with 1 addition and 1 deletion
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment