A NULL pointer argument to %s causes a NULL pointer dereference in the
fixed width numerical printout code, since p is overwritten with NULL.
In case of %s width is 0. Check width before dereferencing the pointer.

Signed-off-by: Benedikt Spranger <b.spran...@linutronix.de>
Reviewed-by: John Ogness <john.ogn...@linutronix.de>
---
 lib/tiny-printf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/tiny-printf.c b/lib/tiny-printf.c
index 9a70c6095b3..b2f31c4004a 100644
--- a/lib/tiny-printf.c
+++ b/lib/tiny-printf.c
@@ -311,7 +311,7 @@ static int _vprintf(struct printf_info *info, const char 
*fmt, va_list va)
 
                        *info->bf = 0;
                        info->bf = p;
-                       while (*info->bf++ && width > 0)
+                       while (width > 0 && info->bf && *info->bf++)
                                width--;
                        while (width-- > 0)
                                info->putc(info, lz ? '0' : ' ');
-- 
2.45.2

Reply via email to