Improve correctness of mkyaffs2image:
- Ensure overly long filenames are flagged as an error, rather than allowing
  buffer to not be null terminated or overflow.  (strncpy does not guarantee
  null termination).
- Ensure all spare bytes are initialized.  (Any uninitialized bytes in
  PackedTags default to 0; any spare bytes not used by the OOB shuffle default
  to 0xff like nanderase would have done.)
- Add missing closedir() to match opendir().
- Removed double close() of outFile.
- Do not close() file handle that failed to open().
Index: mkyaffs2image/mkyaffs2image.c
===================================================================
--- mkyaffs2image.orig/mkyaffs2image.c	2010-08-26 13:08:14.000000000 -0600
+++ mkyaffs2image/mkyaffs2image.c	2010-08-26 14:08:27.000000000 -0600
@@ -29,6 +29,8 @@
 #include <dirent.h>
 #include <string.h>
 #include <unistd.h>
+#include <errno.h>
+#include <assert.h>
 #include "yaffs_ecc.h"
 #include "yaffs_guts.h"
 
@@ -154,10 +156,18 @@
 #endif
 }
 
+static void shuffle_oob(char *spareData, yaffs_PackedTags2 *pt)
+{
+	assert(sizeof(*pt) <= spareSize);
+	// For non-trivial OOB orderings, here would be a good place to shuffle.
+	memcpy(spareData, pt, sizeof(*pt));
+}
+
 static int write_chunk(__u8 *data, __u32 objId, __u32 chunkId, __u32 nBytes)
 {
 	yaffs_ExtendedTags t;
 	yaffs_PackedTags2 pt;
+	char spareData[spareSize];
 
 	error = write(outFile,data,chunkSize);
 	if(error < 0) return error;
@@ -182,10 +192,13 @@
 
 	nPages++;
 
+	memset(&pt, 0, sizeof(pt));
 	yaffs_PackTags2(&pt,&t,1);
-	
-//	return write(outFile,&pt,sizeof(yaffs_PackedTags2));
-	return write(outFile,&pt,spareSize);
+
+	memset(spareData, 0xff, sizeof(spareData));
+	shuffle_oob(spareData, &pt);
+
+	return write(outFile,spareData,sizeof(spareData));
 	
 }
 
@@ -268,7 +281,10 @@
 
 	oh->parentObjectId = parent;
 	
-	strncpy(oh->name,name,YAFFS_MAX_NAME_LENGTH);
+	if (strlen(name)+1 > sizeof(oh->name))
+		return -1;
+	memset(oh->name,0,sizeof(oh->name));
+	strcpy(oh->name,name);
 	
 	
 	if(t != YAFFS_OBJECT_TYPE_HARDLINK)
@@ -295,7 +311,10 @@
 	
 	if(t == YAFFS_OBJECT_TYPE_SYMLINK)
 	{
-		strncpy(oh->alias,alias,YAFFS_MAX_ALIAS_LENGTH);
+		if (strlen(alias)+1 > sizeof(oh->alias))
+			return -1;
+		memset(oh->alias,0,sizeof(oh->alias));
+		strcpy(oh->alias,alias);
 	}
 
 	if (convert_endian)
@@ -332,7 +351,11 @@
 				int equivalentObj;
 				int newObj;
 				
-				sprintf(full_name,"%s/%s",path,entry->d_name);
+				if (snprintf(full_name,sizeof(full_name),"%s/%s",path,entry->d_name) >= (int)sizeof(full_name))
+				{
+					error = -1;
+					continue;
+				}
 				
 				lstat(full_name,&stats);
 				
@@ -401,12 +424,12 @@
 									   error = nBytes;
 									   
 									printf("%d data chunks written\n",chunk);
+									close(h);
 								}
 								else
 								{
 									perror("Error opening file");
 								}
-								close(h);
 								
 							}							
 														
@@ -446,6 +469,7 @@
 				}
 			}
 		}
+		closedir(dir);
 	}
 	
 	return 0;
@@ -513,8 +537,6 @@
 		       "%d NAND pages\n",nObjects, nDirectories, nPages);
 	}
 	
-	close(outFile);
-	
 	exit(0);
 }