From: Kory Maincent (TI.com) Date: Mon, 17 Nov 2025 15:23:07 +0000 (+0100) Subject: boot: pxe_utils: Fix memory allocation issues in overlay_dir handling X-Git-Tag: v2026.01-rc3~3 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2d7eee5a55472f885474168acd3295d47a559755;p=thirdparty%2Fu-boot.git boot: pxe_utils: Fix memory allocation issues in overlay_dir handling Fix two memory allocation bugs in label_boot_extension(): 1. When label->fdtdir is not set, overlay_dir was used without any memory allocation. 2. When label->fdtdir is set, the allocation size was incorrect, using 'len' (just the fdtdir length) instead of 'dir_len' (which includes the trailing slash and null terminator). Resolve both issues by moving the memory allocation and string formatting outside the conditional block, resulting in clearer code flow and correct sizing in all cases. Closes: https://lists.denx.de/pipermail/u-boot/2025-November/602892.html Addresses-Coverity-ID: 638558 Memory - illegal accesses (UNINIT) Fixes: 935109cd9e97 ("boot: pxe_utils: Add extension board devicetree overlay support") Signed-off-by: Kory Maincent (TI.com) Tested-by: Surkov Kirill --- diff --git a/boot/pxe_utils.c b/boot/pxe_utils.c index 038416203fc..836e4eb526c 100644 --- a/boot/pxe_utils.c +++ b/boot/pxe_utils.c @@ -444,7 +444,7 @@ static void label_boot_extension(struct pxe_context *ctx, const struct extension *extension; struct fdt_header *working_fdt; struct alist *extension_list; - int ret, dir_len, len; + int ret, dir_len, len = 0; char *overlay_dir; const char *slash; ulong fdt_addr; @@ -472,18 +472,16 @@ static void label_boot_extension(struct pxe_context *ctx, slash = "/"; else slash = ""; - - dir_len = strlen(label->fdtdir) + strlen(slash) + 1; - overlay_dir = calloc(1, len); - if (!overlay_dir) - return; - - snprintf(overlay_dir, dir_len, "%s%s", label->fdtdir, - slash); } else { - dir_len = 2; - snprintf(overlay_dir, dir_len, "/"); + slash = "/"; } + dir_len = len + strlen(slash) + 1; + + overlay_dir = calloc(1, dir_len); + if (!overlay_dir) + return; + + snprintf(overlay_dir, dir_len, "%s%s", label->fdtdir ?: "", slash); alist_for_each(extension, extension_list) { char *overlay_file;