[PATCH 1/5] Boot code

Josh Boyer jwboyer at linux.vnet.ibm.com
Sun Apr 13 10:49:43 EST 2008


On Sat, 2008-04-12 at 14:01 -0400, Sean MacLennan wrote:
> Signed-off-by: Sean MacLennan <smaclennan at pikatech.com>
> 

This patch is word wrapped.


> diff --git a/arch/powerpc/boot/cuboot-warp.c
> b/arch/powerpc/boot/cuboot-warp.c index eb108a8..43d7ad9 100644
> --- a/arch/powerpc/boot/cuboot-warp.c
> +++ b/arch/powerpc/boot/cuboot-warp.c
> @@ -10,6 +10,7 @@
>  #include "ops.h"
>  #include "4xx.h"
>  #include "cuboot.h"
> +#include "stdio.h"
>  
>  #define TARGET_4xx
>  #define TARGET_44x
> @@ -17,14 +18,54 @@
>  
>  static bd_t bd;
>  
> -static void warp_fixups(void)
> +static void warp_fixup_one_nor(u32 from, u32 to)
>  {
> -	unsigned long sysclk = 66000000;
> +	void *devp;
> +	char name[40];
> +	u32 v[2];
> +
> +	sprintf(name, "/plb/opb/ebc/nor_flash at 0,0/partition@%x", from);
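
Review bot: the sprintf() into name[40] in warp_fixup_one_nor() is unbounded. The fixed part of the path already uses nearly all of the 40 bytes, while a u32 formatted with %x can take up to 8 hex digits plus the terminating NUL. Size name[] for the worst case (fixed prefix + 8 + 1), or format with an explicit length limit and bail out if the result does not fit.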

Unless I can't count (which could very well be the case), you have a
buffer overflow here.  The fixed string is 37 characters, and the values
you are passing in for "from" will extend the string past the 40 bytes
you have allocated for "name".

josh
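
The bound described in the reply above, worked through as an added example (not part of the original mail or the patch). It is written against a hosted C99 libc rather than the boot wrapper's own stdio.h, assumes the archive's " at " in the format string stands for '@', and the function names and sample offsets are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Format string from the quoted hunk; the archive's " at " is assumed to be '@'. */
#define NOR_PART_FMT "/plb/opb/ebc/nor_flash@0,0/partition@%x"
#define PATCH_BUF_SIZE 40   /* size of name[] in the patch */

/* Bytes needed for a given offset, including the terminating NUL. */
size_t nor_path_needed(uint32_t from)
{
    return (size_t)snprintf(NULL, 0, NOR_PART_FMT, (unsigned int)from) + 1;
}

/* Worst case for any u32: fixed prefix + 8 hex digits + NUL. */
size_t nor_path_worst_case(void)
{
    return nor_path_needed(UINT32_MAX);
}

/* Bounded variant: 0 on success, -1 if the path would be truncated. */
int nor_path_format(char *buf, size_t size, uint32_t from)
{
    int n = snprintf(buf, size, NOR_PART_FMT, (unsigned int)from);
    return (n < 0 || (size_t)n >= size) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample offsets, not taken from the patch. */
    const uint32_t samples[] = { 0x0, 0xff, 0x100, 0x180000, 0xffffffff };
    char name[PATCH_BUF_SIZE];
    size_t i;

    printf("worst case: %zu bytes\n", nor_path_worst_case());
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = nor_path_format(name, sizeof name, samples[i]);
        printf("from=0x%x needs %zu bytes: %s\n", (unsigned int)samples[i],
               nor_path_needed(samples[i]), rc ? "does not fit in 40" : name);
    }
    return 0;
}
```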



