[PATCH 1/5] Boot code
Sean MacLennan
smaclennan at pikatech.com
Sun Apr 13 12:06:46 EST 2008
On Sat, 12 Apr 2008 19:49:43 -0500
Josh Boyer <jwboyer at linux.vnet.ibm.com> wrote:
> On Sat, 2008-04-12 at 14:01 -0400, Sean MacLennan wrote:
> > Signed-off-by: Sean MacLennan <smaclennan at pikatech.com>
> >
>
> This patch is word wrapped.
Yes, sorry about that. I have been trying out a new mail client and I
pasted the text wrong :( I caught it in the other patches though,
so they should be good.
> > + char name[40];
> > + u32 v[2];
> > +
> > + sprintf(name, "/plb/opb/ebc/nor_flash at 0,0/partition@%x",
> > from);
>
> Unless I can't count (which could very well be the case), you have a
> buffer overflow here. The fixed string is 37 characters, and the
> values you are passing in for "from" will extend the string past the
> 40 bytes you have allocated for "name".
No, you are right. Good catch. I will update that.
Cheers,
Sean
More information about the Linuxppc-dev
mailing list