From a2acc58bc7460a03627f20842a7169d7a1328299 Mon Sep 17 00:00:00 2001 From: Colin Cross Date: Wed, 6 Mar 2013 19:10:29 -0800 Subject: [PATCH] of: fix CONFIG_CMDLINE_EXTEND strlcat takes the size of the buffer, not the number of characters to concatenate. If the size of the device tree command line p is larger than the CONFIG_CMDLINE string data, then strcat(data, p, l) will hit a BUG_ON because strlen(data) > l. Replace the second strlcat with a strncpy plus a manual null termination. Also rearrange the code to reduce indent depth to make it more readable, and replace data with a char *cmdline to avoid extra casts. Signed-off-by: Colin Cross --- drivers/of/fdt.c | 34 ++++++++++++++++++++-------------- 1 file changed, 20 insertions(+), 14 deletions(-) diff --git a/drivers/of/fdt.c b/drivers/of/fdt.c index ffe1dbc141a4..99a2f7860255 100644 --- a/drivers/of/fdt.c +++ b/drivers/of/fdt.c @@ -685,32 +685,38 @@ static const char *config_cmdline = ""; int __init early_init_dt_scan_chosen(unsigned long node, const char *uname, int depth, void *data) { - unsigned long l; - char *p; + unsigned long l = 0; + char *p = NULL; + char *cmdline = data; pr_debug("search \"chosen\", depth: %d, uname: %s\n", depth, uname); - if (depth != 1 || !data || + if (depth != 1 || !cmdline || (strcmp(uname, "chosen") != 0 && strcmp(uname, "chosen@0") != 0)) return 0; early_init_dt_check_for_initrd(node); /* Put CONFIG_CMDLINE in if forced or if data had nothing in it to start */ - if (overwrite_incoming_cmdline || !((char *)data)[0]) - strlcpy(data, config_cmdline, COMMAND_LINE_SIZE); + if (overwrite_incoming_cmdline || !cmdline[0]) + strlcpy(cmdline, config_cmdline, COMMAND_LINE_SIZE); /* Retrieve command line unless forcing */ - if (read_dt_cmdline) { + if (read_dt_cmdline) p = of_get_flat_dt_prop(node, "bootargs", &l); - if (p != NULL && l > 0) { - if (concat_cmdline) { - strlcat(data, " ", COMMAND_LINE_SIZE); - strlcat(data, p, min_t(int, (int)l, - COMMAND_LINE_SIZE)); - } else - strlcpy(data, p, min_t(int, (int)l, - COMMAND_LINE_SIZE)); + + if (p != NULL && l > 0) { + if (concat_cmdline) { + int cmdline_len; + int copy_len; + strlcat(cmdline, " ", COMMAND_LINE_SIZE); + cmdline_len = strlen(cmdline); + copy_len = COMMAND_LINE_SIZE - cmdline_len - 1; + copy_len = min((int)l, copy_len); + strncpy(cmdline + cmdline_len, p, copy_len); + cmdline[cmdline_len + copy_len] = '\0'; + } else { + strlcpy(cmdline, p, min((int)l, COMMAND_LINE_SIZE)); } } -- 2.34.1