[PATCH] fdt: copy terminating '\0' in lstrcpy()

Enrico Scholz enrico.scholz at sigma-chemnitz.de
Wed Jul 19 11:11:29 PDT 2023


From: Enrico Scholz <enrico.scholz at sigma-chemnitz.de>

On large string tables (>64K), a

|		fdt->strings = realloc(fdt->strings, fdt->str_size * 2);

operation is executed.  This 'realloc()' does not zero the memory so
there is no guarantee that the strings will be terminated properly.

Modify 'lstrcpy()' so that it also copies the terminating '\0'.

Signed-off-by: Enrico Scholz <enrico.scholz at sigma-chemnitz.de>
---
 drivers/of/fdt.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/drivers/of/fdt.c b/drivers/of/fdt.c
index 01d7dc37439f..9d72fafd3669 100644
--- a/drivers/of/fdt.c
+++ b/drivers/of/fdt.c
@@ -302,15 +302,15 @@ static int lstrcpy(char *dest, const char *src)
 	int len = 0;
 	int maxlen = 1023;
 
-	while (*src) {
-		*dest++ = *src++;
+	do {
+		*dest++ = *src;
 		len++;
 		if (!maxlen)
 			return -ENOSPC;
 		maxlen--;
-	}
+	} while (*src++);
 
-	return len;
+	return len - 1;
 }
 
 static void *memalign_realloc(void *orig, size_t oldsize, size_t newsize)
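Review bot: the length limit in the new do/while loop now counts the terminating '\0' as well, so the longest string lstrcpy() accepts drops from 1023 to 1022 characters. With `int maxlen = 1023;` left unchanged, a 1023-character source reaches the 1024th iteration, writes the terminator, then hits `if (!maxlen)` and returns -ENOSPC even though the copy completed. If that boundary change is not intended, either raise maxlen to 1024 or apply the limit check only when `*src` is non-zero. The new version also writes one byte more than the returned length, so it would help to state in the commit message or in a comment above the function that callers must reserve len + 1 bytes at dest; the callers are not visible in this hunk.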
-- 
2.41.0



