The attached patch prevents a buffer overflow which occurs when a
path becomes too long.
(And with this patch, I'll end my tiny flood of the email list...)
-Frank
--
Frank Rowand <
frank_rowand@mvista.com>
MontaVista Software, Inc
Index: yaffs/utils/mkyaffsimage.c
===================================================================
--- yaffs.orig/utils/mkyaffsimage.c
+++ yaffs/utils/mkyaffsimage.c
@@ -385,7 +385,9 @@
static int process_directory(int parent, const char *path)
{
+#define FULL_NAME_LEN 500
int error = 0;
+ int len;
DIR *dir;
struct dirent *entry;
@@ -402,12 +404,20 @@
if(strcmp(entry->d_name,".") &&
strcmp(entry->d_name,".."))
{
- char full_name[500];
+ char full_name[FULL_NAME_LEN];
struct stat stats;
int equivalentObj;
int newObj;
- sprintf(full_name,"%s/%s",path,entry->d_name);
+ len = snprintf(full_name,FULL_NAME_LEN,"%s/%s",path,entry->d_name);
+ if (len > FULL_NAME_LEN)
+ {
+ printf("%s/%s\n",path,entry->d_name);
+ printf("ERROR: length of path >= %d\n", FULL_NAME_LEN);
+ error = -1;
+ errno = ENAMETOOLONG;
+ continue;
+ }
lstat(full_name,&stats);
(text/plain)
