devs/foxbox
1
0
Fork 0
forked from len0rd/rockbox
Code Pull requests Activity

Fix off-by-one memory corruption in ipodpatcher.

Browse source 
strcpy() will terminate the string with zero,
the boot sector/buffer has only space for eight characters.

Credit goes to "cppcheck".

git-svn-id: svn://svn.rockbox.org/rockbox/trunk@30351 a1c6a512-1295-4272-9138-f99709370657
This commit is contained in:
Thomas Jarosch 2011-08-25 19:58:47 +00:00
parent faf354c4f3
commit e412227abb
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
rbutil/ipodpatcher/fat32format.c
View file

@ -309,7 +309,7 @@ static void create_boot_sector(unsigned char* buf,
pFAT32BootSect->sJmpBoot[0]=0xEB; pFAT32BootSect->sJmpBoot[0]=0xEB;
pFAT32BootSect->sJmpBoot[1]=0x5A; pFAT32BootSect->sJmpBoot[1]=0x5A;
pFAT32BootSect->sJmpBoot[2]=0x90; pFAT32BootSect->sJmpBoot[2]=0x90;
strcpy( pFAT32BootSect->sOEMName, "MSWIN4.1" ); memcpy(pFAT32BootSect->sOEMName, "MSWIN4.1", 8 );
pFAT32BootSect->wBytsPerSec = rb_htole16(BytesPerSect); pFAT32BootSect->wBytsPerSec = rb_htole16(BytesPerSect);
pFAT32BootSect->bSecPerClus = SectorsPerCluster ; pFAT32BootSect->bSecPerClus = SectorsPerCluster ;
pFAT32BootSect->wRsvdSecCnt = rb_htole16(ReservedSectCount); pFAT32BootSect->wRsvdSecCnt = rb_htole16(ReservedSectCount);