From: "Kory Maincent (TI.com)" <[email protected]>

Fix two memory allocation bugs in label_boot_extension():
1. When label->fdtdir is not set, overlay_dir was used without any memory allocation. 2. When label->fdtdir is set, the allocation size was incorrect, using 'len' (just the fdtdir length) instead of 'dir_len' (which includes the trailing slash and null terminator). Resolve both issues by moving the memory allocation and string formatting outside the conditional block, resulting in clearer code flow and correct sizing in all cases. Closes: https://lists.denx.de/pipermail/u-boot/2025-November/602892.html Fixes: 935109cd9e97 ("boot: pxe_utils: Add extension board devicetree overlay support") Signed-off-by: Kory Maincent (TI.com) <[email protected]> --- Change in v2: - Extract calloc and snprintf of the if condition. --- boot/pxe_utils.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/boot/pxe_utils.c b/boot/pxe_utils.c index 038416203fc..7549a93bdad 100644 --- a/boot/pxe_utils.c +++ b/boot/pxe_utils.c @@ -473,18 +473,18 @@ static void label_boot_extension(struct pxe_context *ctx, else slash = ""; - dir_len = strlen(label->fdtdir) + strlen(slash) + 1; - overlay_dir = calloc(1, len); - if (!overlay_dir) - return; - - snprintf(overlay_dir, dir_len, "%s%s", label->fdtdir, - slash); + dir_len = len + strlen(slash) + 1; } else { dir_len = 2; - snprintf(overlay_dir, dir_len, "/"); + slash = "/"; } + overlay_dir = calloc(1, dir_len); + if (!overlay_dir) + return; + + snprintf(overlay_dir, dir_len, "%s%s", label->fdtdir ?: "", slash); + alist_for_each(extension, extension_list) { char *overlay_file; ulong size; -- 2.43.0
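Review bot: in the else branch, `dir_len = 2` is a magic number that has to stay in step with `slash = "/"`, while the fdtdir branch derives its size from `strlen(slash) + 1`. Now that calloc() and snprintf() sit after the conditional, the size could be computed there as well, once, from the length of the fdtdir-or-empty string plus `strlen(slash) + 1`, so that each branch only selects `slash` and the buffer size cannot drift from the format arguments. The new `dir_len = len + strlen(slash) + 1;` also relies on `len` still holding strlen(label->fdtdir) from above the hunk; a short comment on `dir_len` saying that it counts the separator and the terminating NUL would make the calloc() size easy to check against the snprintf() call.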

