From f59a3b21f60190793dc3cee97338c2f6ee9f2336 Mon Sep 17 00:00:00 2001 From: "xypron.glpk@gmx.de" Date: Thu, 4 May 2017 22:26:42 +0200 Subject: [PATCH] tools: sunxi: avoid read after end of string The evaluation of option -c is incorrect: According to the C99 standard endptr in the first strtol is always set as &endptr is not NULL. So the first part of the or condition is always true. If all digits in optarg are valid endptr will point to the closing \0 and the second strtol will read beyond the end of the string optarg points to. Signed-off-by: Heinrich Schuchardt Acked-by: Boris Brezillon --- tools/sunxi-spl-image-builder.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/sunxi-spl-image-builder.c b/tools/sunxi-spl-image-builder.c index d538a38813..a367f11774 100644 --- a/tools/sunxi-spl-image-builder.c +++ b/tools/sunxi-spl-image-builder.c @@ -433,7 +433,7 @@ int main(int argc, char **argv) break; case 'c': info.ecc_strength = strtol(optarg, &endptr, 0); - if (endptr || *endptr == '/') + if (*endptr == '/') info.ecc_step_size = strtol(endptr + 1, NULL, 0); break; case 'p':