From: Andrew Goodbody Date: Wed, 23 Jul 2025 10:34:35 +0000 (+0100) Subject: bios_emulator: Fix buffer overflow X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4b8aba93bdba168f284036cd7f8cb0e988bf3f92;p=thirdparty%2Fu-boot.git bios_emulator: Fix buffer overflow Using strcpy to copy a 4 character string into a 4 byte field in a structure will overflow that field as it writes the terminating \0 into the following field. Correct this by using memcpy instead. This issue was found by Smatch. Signed-off-by: Andrew Goodbody --- diff --git a/drivers/bios_emulator/atibios.c b/drivers/bios_emulator/atibios.c index d544ffb5ffb..e992a1aa822 100644 --- a/drivers/bios_emulator/atibios.c +++ b/drivers/bios_emulator/atibios.c @@ -99,7 +99,7 @@ static int atibios_debug_mode(BE_VGAInfo *vga_info, RMREGS *regs, regs->e.edi = buffer_adr; info = buffer; memset(info, '\0', sizeof(*info)); - strcpy(info->signature, "VBE2"); + memcpy(info->signature, "VBE2", 4); BE_int86(0x10, regs, regs); if (regs->e.eax != 0x4f) { debug("VESA_GET_INFO: error %x\n", regs->e.eax);