From e412227abbd885ae3736080b000457be69e46afc Mon Sep 17 00:00:00 2001 From: Thomas Jarosch Date: Thu, 25 Aug 2011 19:58:47 +0000 Subject: Fix off-by-one memory corruption in ipodpatcher. strcpy() will terminate the string with zero, the boot sector/buffer has only space for eight characters. Credit goes to "cppcheck". git-svn-id: svn://svn.rockbox.org/rockbox/trunk@30351 a1c6a512-1295-4272-9138-f99709370657 --- rbutil/ipodpatcher/fat32format.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rbutil/ipodpatcher/fat32format.c b/rbutil/ipodpatcher/fat32format.c index 3dced355b6..9d2c538cd7 100644 --- a/rbutil/ipodpatcher/fat32format.c +++ b/rbutil/ipodpatcher/fat32format.c @@ -309,7 +309,7 @@ static void create_boot_sector(unsigned char* buf, pFAT32BootSect->sJmpBoot[0]=0xEB; pFAT32BootSect->sJmpBoot[1]=0x5A; pFAT32BootSect->sJmpBoot[2]=0x90; - strcpy( pFAT32BootSect->sOEMName, "MSWIN4.1" ); + memcpy(pFAT32BootSect->sOEMName, "MSWIN4.1", 8 ); pFAT32BootSect->wBytsPerSec = rb_htole16(BytesPerSect); pFAT32BootSect->bSecPerClus = SectorsPerCluster ; pFAT32BootSect->wRsvdSecCnt = rb_htole16(ReservedSectCount); -- cgit v1.2.3