[BUG] Out of bound read of size 1 in __d_alloc function which further leads to __default_memcpy function
Sascha Hauer
sha at pengutronix.de
Fri May 7 03:58:30 PDT 2021
Hi,
On Sun, Apr 18, 2021 at 01:10:10AM +0530, Neeraj Pal wrote:
> Hi,
>
> I have found the Out of bound read issue of size 1 when argv[2] is "" in
> __d_alloc function fs/fs.c:1254 which further goes
> and crashes into __default_memcpy call lib/string.c:562
>
> Tested on:
> - barebox-2021.04.0
> - git commit af0f068a6edad45b033e772056ac0352e1ba3613
I can reproduce this here. Thanks for reporting it. I just sent out a
series fixing this issue, you are on Cc:
Regards,
Sascha
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
More information about the barebox
mailing list