From c3b115f4b7b05203da4233463a4fb87fa9c267ac Mon Sep 17 00:00:00 2001 From: Alexander Dahl Date: Fri, 20 Apr 2018 15:29:31 +0200 Subject: [PATCH] tools: mkenvimage: Fix possible segfault on stdin input The size of 'filebuf' was not increased as more and more bytes are read from stdin, but 'filebuf' was always reallocated to the same fix size. This works as long as only less bytes than the initial buffer size come in, for more input this will segfault. (It actually does, I tested that.) So for each loop cycle the buffer size has to be increased by the number of bytes we want to read. Signed-off-by: Alexander Dahl --- tools/mkenvimage.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/mkenvimage.c b/tools/mkenvimage.c index 716cb73a5c..8cd9ffa1c6 100644 --- a/tools/mkenvimage.c +++ b/tools/mkenvimage.c @@ -162,7 +162,7 @@ int main(int argc, char **argv) txt_fd = STDIN_FILENO; do { - filebuf = realloc(filebuf, readlen); + filebuf = realloc(filebuf, filesize + readlen); if (!filebuf) { fprintf(stderr, "Can't realloc memory for the input file buffer\n"); return EXIT_FAILURE; -- 2.39.5