[PATCH] mtd: add Broadcom BCM63xx image tag partition parser
David Woodhouse
dwmw2 at infradead.org
Sun Oct 24 19:11:49 EDT 2010
On Sun, 2010-09-12 at 15:52 +0200, Florian Fainelli wrote:
>
> + ret = master->read(master, master->erasesize, sizeof(struct bcm_tag),
> + &retlen, (void *)buf);
> + if (retlen != sizeof(struct bcm_tag)) {
> + vfree(buf);
> + return -EIO;
> + }
> +
> + sscanf(buf->kernel_address, "%u", &kerneladdr);
> + sscanf(buf->kernel_length, "%u", &kernellen);
> + sscanf(buf->total_length, "%u", &totallen);
> + tagversion = &(buf->tag_version[0]);
> + boardid = &(buf->board_id[0]);
> +
> + printk(KERN_INFO PFX "CFE boot tag found with version %s "
> + "and board type %s\n", tagversion, boardid);
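Review bot: ret from master->read() is assigned but never tested in these lines, only retlen is, so a read error reported with retlen still equal to sizeof(struct bcm_tag) would go unnoticed; test ret as well before using buf. The three sscanf() calls also discard their return values, so kerneladdr, kernellen and totallen keep whatever value they had before the call when a field does not start with a digit; check that each call returns 1 and fail the parse otherwise. For the printk, a bounded format such as "%.*s" with the size of tag_version and board_id would remove the dependence on a terminator being present in flash.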
Um, that looks easy to crash, given that you aren't even checking the
CRC before you do this, and you aren't checking that any of these
strings are actually NUL-terminated.
I'm applying it as-is, since I'm extremely late -- I've been slacking.
But please could I have a fix?
--
David Woodhouse Open Source Technology Centre
David.Woodhouse at intel.com Intel Corporation
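An added example, not part of the original message or the patch, of the field validation the reply asks for, written as user-space C: it parses a fixed-width decimal field without reading past its end and bounds the length handed to "%.*s". FIELD_LEN and both function names are assumptions made for illustration (the real struct bcm_tag layout is not shown here), and the parser is deliberately stricter than sscanf "%u".

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed field width for this example; not the real struct bcm_tag layout. */
#define FIELD_LEN 10

/*
 * Parse an ASCII decimal number from a fixed-width field read from flash.
 * The field is untrusted: it may be erased (0xff), hold garbage, or lack a
 * NUL terminator. Returns 0 on success, -1 if the field is empty,
 * unterminated, contains a non-digit, or does not fit in 32 bits.
 */
static int parse_tag_u32(const char *field, size_t len, uint32_t *out)
{
	const char *end = memchr(field, '\0', len);
	uint64_t v = 0;
	size_t n, i;

	if (!end)
		return -1;	/* no terminator inside the field */
	n = (size_t)(end - field);
	if (n == 0)
		return -1;	/* empty string */
	for (i = 0; i < n; i++) {
		if (field[i] < '0' || field[i] > '9')
			return -1;
		v = v * 10 + (uint64_t)(field[i] - '0');
		if (v > UINT32_MAX)
			return -1;	/* overflow */
	}
	*out = (uint32_t)v;
	return 0;
}

/*
 * Number of bytes that are safe to print from a fixed-width field,
 * for use as the precision argument of "%.*s". Never exceeds len.
 */
static int tag_str_len(const char *field, size_t len)
{
	const char *end = memchr(field, '\0', len);

	return (int)(end ? (size_t)(end - field) : len);
}
```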