Commit 242ece22 authored by Chen Gang's avatar Chen Gang Committed by David S. Miller

arch: sparc: prom: looping issue, need additional length check in the outside looping

When "cp >= barg_buf + BARG_LEN-2", it breaks internel looping 'while',
but outside loop 'for' still has effect, so "*cp++ = ' '" will continue
repeating which may cause memory overflow.

So need additional length check for it in the outside looping.

Also beautify the related code which found by "./scripts/checkpatch.pl"
Signed-off-by: default avatarChen Gang <gang.chen@asianux.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent dbebe0da
...@@ -23,23 +23,25 @@ prom_getbootargs(void) ...@@ -23,23 +23,25 @@ prom_getbootargs(void)
return barg_buf; return barg_buf;
} }
switch(prom_vers) { switch (prom_vers) {
case PROM_V0: case PROM_V0:
cp = barg_buf; cp = barg_buf;
/* Start from 1 and go over fd(0,0,0)kernel */ /* Start from 1 and go over fd(0,0,0)kernel */
for(iter = 1; iter < 8; iter++) { for (iter = 1; iter < 8; iter++) {
arg = (*(romvec->pv_v0bootargs))->argv[iter]; arg = (*(romvec->pv_v0bootargs))->argv[iter];
if (arg == NULL) if (arg == NULL)
break; break;
while(*arg != 0) { while (*arg != 0) {
/* Leave place for space and null. */ /* Leave place for space and null. */
if(cp >= barg_buf + BARG_LEN-2){ if (cp >= barg_buf + BARG_LEN - 2)
/* We might issue a warning here. */ /* We might issue a warning here. */
break; break;
}
*cp++ = *arg++; *cp++ = *arg++;
} }
*cp++ = ' '; *cp++ = ' ';
if (cp >= barg_buf + BARG_LEN - 1)
/* We might issue a warning here. */
break;
} }
*cp = 0; *cp = 0;
break; break;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment