From: Heinrich Schuchardt <xypron.glpk@gmx.de>
Date: Thu, 22 Aug 2019 19:58:26 +0000 (+0200)
Subject: siemens: avoid out of bound access
X-Git-Tag: v2025.01-rc5-pxa1908~2805^2~2
X-Git-Url: http://git.dujemihanovic.xyz/img/static/git-logo.png?a=commitdiff_plain;h=3c7166dbb464a65d9822cfee7c233a7d8c1a9672;p=u-boot.git

siemens: avoid out of bound access

char num[1];
	sprintf(num, "%d", i);

leads to a buffer overrun.

Simplify the overly complex coding.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Acked-by: Heiko Schocher <hs@denx.de>
---

diff --git a/board/siemens/common/board.c b/board/siemens/common/board.c
index 676935a843..75462d1c34 100644
--- a/board/siemens/common/board.c
+++ b/board/siemens/common/board.c
@@ -189,14 +189,11 @@ void set_env_gpios(unsigned char state)
 {
 	char *ptr_env;
 	char str_tmp[5];	/* must contain "ledX"*/
-	char num[1];
 	unsigned char i, idx, pos1, pos2, ccount;
 	unsigned char gpio_n, gpio_s0, gpio_s1;
 
 	for (i = 0; i < MAX_NR_LEDS; i++) {
-		strcpy(str_tmp, "led");
-		sprintf(num, "%d", i);
-		strcat(str_tmp, num);
+		sprintf(str_tmp, "led%d", i);
 
 		/* If env var is not found we stop */
 		ptr_env = env_get(str_tmp);