On Sat, 2008-04-12 at 14:01 -0400, Sean MacLennan wrote:
> Signed-off-by: Sean MacLennan <[EMAIL PROTECTED]>
>
This patch is word wrapped.
> diff --git a/arch/powerpc/boot/cuboot-warp.c
> b/arch/powerpc/boot/cuboot-warp.c index eb108a8..43d7ad9 100644
> --- a/arch/powerpc/boot/cuboot-warp.c
> +++ b/arch/powerpc/boot/cuboot-warp.c
> @@ -10,6 +10,7 @@
> #include "ops.h"
> #include "4xx.h"
> #include "cuboot.h"
> +#include "stdio.h"
>
> #define TARGET_4xx
> #define TARGET_44x
> @@ -17,14 +18,54 @@
>
> static bd_t bd;
>
> -static void warp_fixups(void)
> +static void warp_fixup_one_nor(u32 from, u32 to)
> {
> - unsigned long sysclk = 66000000;
> + void *devp;
> + char name[40];
> + u32 v[2];
> +
> + sprintf(name, "/plb/opb/ebc/[EMAIL PROTECTED],0/[EMAIL PROTECTED]",
> from);
Unless I can't count (which could very well be the case), you have a
buffer overflow here. The fixed string is 37 characters, and the values
you are passing in for "from" will extend the string past the 40 bytes
you have allocated for "name".
josh
_______________________________________________
Linuxppc-dev mailing list
Linuxppc-dev@ozlabs.org
https://ozlabs.org/mailman/listinfo/linuxppc-dev
