[PATCH 1/5] Boot code

Sean MacLennan smaclennan at pikatech.com
Sun Apr 13 12:06:46 EST 2008


On Sat, 12 Apr 2008 19:49:43 -0500
Josh Boyer <jwboyer at linux.vnet.ibm.com> wrote:

> On Sat, 2008-04-12 at 14:01 -0400, Sean MacLennan wrote:
> > Signed-off-by: Sean MacLennan <smaclennan at pikatech.com>
> > 
> 
> This patch is word wrapped.

Yes, sorry about that. I have been trying out a new mail client and I
pasted the text wrong :( I caught it in the other patches though,
so they should be good.

> > +	char name[40];
> > +	u32 v[2];
> > +
> > +	sprintf(name, "/plb/opb/ebc/nor_flash at 0,0/partition@%x",
> > from);
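
Review bot: the sprintf() into name[40] is unbounded, and the fixed path prefix leaves almost no room in the buffer for the %x expansion, so larger values of from write past the end of name. Size name for the prefix plus the widest %x output (8 hex digits for a 32-bit value) plus the terminating NUL, and where a bounded formatter is available prefer snprintf(name, sizeof(name), ...) so that a later change to the path string cannot reintroduce the overflow.
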
> 
> Unless I can't count (which could very well be the case), you have a
> buffer overflow here.  The fixed string is 37 characters, and the
> values you are passing in for "from" will extend the string past the
> 40 bytes you have allocated for "name".

No, you are right. Good catch. I will update that.

Cheers,
   Sean


