Fix an off-by-one error in the string concatenation for the setenv
command which would write over the end of the allocated area,
resulting eventually in a crash due to corruption of the malloc
metadata.

Signed-off-by: Wolfgang Denk <w...@denx.de>
---
Posted as incremental patch here to provide quick fix to testers (also
pushed to "hashtable" branch in u-boot-testing repo). Will be squashed
into new env code patch when resubmitting.

 common/cmd_nvedit.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/common/cmd_nvedit.c b/common/cmd_nvedit.c
index 976a30b..010d003 100644
--- a/common/cmd_nvedit.c
+++ b/common/cmd_nvedit.c
@@ -273,7 +273,7 @@ int _do_env_set (int flag, int argc, char * const argv[])
        /*
         * Insert / replace new value
         */
-       for (i=2,len=1; i<argc; ++i) {
+       for (i=2,len=0; i<argc; ++i) {
                len += strlen(argv[i]) + 1;
        }
        if ((value = malloc(len)) == NULL) {
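Review bot: with `len=0` in the sizing loop the allocation has no slack left, so it is exact only as long as the copy loop further down writes precisely strlen(argv[i]) + 1 bytes per argument. A one-line comment on this loop saying that the +1 covers the separating space, and for the last argument the terminating NUL, would keep the two loops from drifting apart again. Also, if argc can be 2 at this point the loop body never runs and malloc(0) is called; the guard is not visible in this hunk, so please confirm an earlier check guarantees argc > 2.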
@@ -285,7 +285,7 @@ int _do_env_set (int flag, int argc, char * const argv[])
 
                while ((*s++ = *v++) != '\0')
                        ;
-               *s++ = ' ';
+               *(s-1) = ' ';
        }
        if (s != value)
                *--s = '\0';
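Review bot: `*(s-1) = ' ';` depends on the preceding `while ((*s++ = *v++) != '\0')` leaving s one byte past the NUL it just copied, which is easy to miss when reading the loop. A short comment such as "overwrite the copied NUL with the separator" would document that, and `s[-1] = ' ';` reads a little more clearly. The trailing `*--s = '\0';` then turns the last separator back into the terminator, so the total written is strlen(argv[i]) + 1 per argument, which should be stated next to the length calculation since the buffer is now sized with no spare byte.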
-- 
1.7.1.1
