mail archive of the barebox mailing list
* [PATCH] fdt: copy terminating '\0' in lstrcpy()
@ 2023-07-19 18:11 Enrico Scholz
  2023-07-26 11:43 ` Sascha Hauer
  0 siblings, 1 reply; 2+ messages in thread
From: Enrico Scholz @ 2023-07-19 18:11 UTC
  To: barebox; +Cc: Enrico Scholz

From: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>

On large string tables (>64K), a

|		fdt->strings = realloc(fdt->strings, fdt->str_size * 2);

operation is executed.  This 'realloc()' does not zero the memory so
there is no guarantee that the strings will be terminated properly.

Modify 'lstrcpy()' so that it also copies the terminating '\0'.

Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
---
 drivers/of/fdt.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/of/fdt.c b/drivers/of/fdt.c
index 01d7dc37439f..9d72fafd3669 100644
--- a/drivers/of/fdt.c
+++ b/drivers/of/fdt.c
@@ -302,15 +302,15 @@ static int lstrcpy(char *dest, const char *src)
 	int len = 0;
 	int maxlen = 1023;
 
-	while (*src) {
-		*dest++ = *src++;
+	do {
+		*dest++ = *src;
 		len++;
 		if (!maxlen)
 			return -ENOSPC;
 		maxlen--;
-	}
+	} while (*src++);
 
-	return len;
+	return len - 1;
 }
 
 static void *memalign_realloc(void *orig, size_t oldsize, size_t newsize)
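
Review bot: The terminating '\0' now passes through the `if (!maxlen)` check inside the do/while loop, so the longest string accepted drops from 1023 to 1022 characters. With `int maxlen = 1023`, a 1023-character source reaches the iteration that copies the terminator with maxlen already at 0 and returns -ENOSPC, where the old `while (*src)` loop returned 1023. If that limit change is not intended, raise maxlen to 1024 or skip the check for the terminator byte. Separately, the function now writes len + 1 bytes to dest while still returning the length without the terminator (`return len - 1`), and the store `*dest++ = *src` still happens before the limit check. The diffstat shows no caller changes, so it is worth confirming that every caller reserves room for the extra byte before calling, and adding a short comment above lstrcpy() that states the new contract.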
-- 
2.41.0
