From 6c74e94a6529625845557aa5fc2041f7355ba02a Mon Sep 17 00:00:00 2001
From: Heinrich Schuchardt <xypron.glpk@gmx.de>
Date: Fri, 26 Apr 2019 18:39:00 +0200
Subject: lib/display_options: avoid illegal memory access

display_options_get_banner_priv() overwrites bytes before the start of the
buffer if the buffer size is less then 3. This case occurs in the Sandbox
when executing the `ut_print` command.

Correctly handle small buffer sizes. Adjust the print unit test to catch
when bytes before the buffer are overwritten.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-by: Simon Glass <sjg@chromium.org>
---
 lib/display_options.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'lib/display_options.c')

diff --git a/lib/display_options.c b/lib/display_options.c
index af1802ef992..cff20f37552 100644
--- a/lib/display_options.c
+++ b/lib/display_options.c
@@ -23,7 +23,9 @@ char *display_options_get_banner_priv(bool newlines, const char *build_tag,
 				build_tag);
 	if (len > size - 3)
 		len = size - 3;
-	strcpy(buf + len, "\n\n");
+	if (len < 0)
+		len = 0;
+	snprintf(buf + len, size - len, "\n\n");
 
 	return buf;
 }
-- 
cgit v1.2.3