Message ID | 2026242272ea4f6bb96adbd87ca61532@EINTMBXC.einet.ad.eivd.ch |
---|---|
State | Changes Requested |
Delegated to: | Simon Glass |
On Fri, Jul 19, 2013 at 12:31 PM, Rossier Daniel <Daniel.Rossier@heig-vd.ch>wrote: > Hi, > > I discovered a small bug in lib/vsprintf.c which leads to an "Access > violation(2)" when I tried to tftp a file, in QEMU. > If CONFIG_SYS_VSNPRINTF is set, the str pointer is incremented even if str > reached the end of string (str == end) because of ADDCH. > This leads to a wrong length of string and causes the problem. > Here is the patch: > > diff --git a/lib/vsprintf.c b/lib/vsprintf.c > index 82e5c13..2ba8126 100644 > --- a/lib/vsprintf.c > +++ b/lib/vsprintf.c > @@ -747,8 +747,9 @@ repeat: > #ifdef CONFIG_SYS_VSNPRINTF > if (size > 0) { > - ADDCH(str, '\0'); > - if (str > end) > + if (str < end) > + *str = '\0'; > + else > end[-1] = '\0'; > This is good - but can I suggest going a little further, maybe: + if (str < end) > + *str = '\0'; > + else if (end > buf) > end[-1] = '\0'; > since I think it is actually valid to call this function with a size of 0, perhaps to find out the length that would be produced. Regards, Simon
diff --git a/lib/vsprintf.c b/lib/vsprintf.c index 82e5c13..2ba8126 100644 --- a/lib/vsprintf.c +++ b/lib/vsprintf.c @@ -747,8 +747,9 @@ repeat: #ifdef CONFIG_SYS_VSNPRINTF if (size > 0) { - ADDCH(str, '\0'); - if (str > end) + if (str < end) + *str = '\0'; + else end[-1] = '\0'; } #else
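Review bot: the `else` branch's write to `end[-1]` is in bounds only because it sits inside the enclosing `if (size > 0)` check, and nothing in the hunk records that dependency. A short comment above `if (str < end)` would help. It should say that the terminator is now stored without advancing `str`, so the length derived from `str` no longer counts the NUL, and that the truncating store to `end[-1]` relies on the `size > 0` guard. That keeps a later edit from lifting the block out of the guard or reintroducing an increment. If the extra `else if (end > buf)` condition proposed in the reply is adopted, the comment should state which case it covers that `size > 0` does not; otherwise the two checks read as redundant.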