From df1cd46fb84922735e1c12f54b7202b0268dcddd Mon Sep 17 00:00:00 2001
From: Heinrich Schuchardt <xypron.glpk@gmx.de>
Date: Sun, 30 Jul 2017 22:18:18 +0200
Subject: arm64: zynqmp: avoid out of buffer access

strncat(a, b, c) appends a maximum of c characters plus the 0 byte
to a.

In board_init we first write 4 characters plus 0 byte to version.
So only ZYNQMP_VERSION_SIZE - 5 additional characters fit into
version.

The problem was indicated by cppcheck.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>

diff --git a/board/xilinx/zynqmp/zynqmp.c b/board/xilinx/zynqmp/zynqmp.c
index 07e0486..aebd3df 100644
--- a/board/xilinx/zynqmp/zynqmp.c
+++ b/board/xilinx/zynqmp/zynqmp.c
@@ -172,10 +172,10 @@ int board_init(void)
 	if (current_el() != 3) {
 		static char version[ZYNQMP_VERSION_SIZE];
 
-		strncat(version, "xczu", ZYNQMP_VERSION_SIZE);
+		strncat(version, "xczu", 4);
 		zynqmppl.name = strncat(version,
 					zynqmp_get_silicon_idcode_name(),
-					ZYNQMP_VERSION_SIZE);
+					ZYNQMP_VERSION_SIZE - 5);
 		printf("Chip ID:\t%s\n", zynqmppl.name);
 		fpga_init();
 		fpga_add(fpga_xilinx, &zynqmppl);
-- 
cgit v0.10.2