arm64: zynqmp: avoid out of buffer access

strncat(a, b, c) appends a maximum of c characters plus the 0 byte
to a.

In board_init we first write 4 characters plus 0 byte to version.
So only ZYNQMP_VERSION_SIZE - 5 additional characters fit into
version.

The problem was indicated by cppcheck.

Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Signed-off-by: Michal Simek <michal.simek@xilinx.com>

diff --git a/board/xilinx/zynqmp/zynqmp.c b/board/xilinx/zynqmp/zynqmp.c
index 07e048681783effe4d789c4f6b46afa961ab489c..aebd3df8a9768a8b4c6f18099cea49dc9cd99ff7 100644 (file)
--- a/board/xilinx/zynqmp/zynqmp.c
+++ b/board/xilinx/zynqmp/zynqmp.c
@@ -172,10 +172,10 @@ int board_init(void)
        if (current_el() != 3) {
                static char version[ZYNQMP_VERSION_SIZE];
 
-               strncat(version, "xczu", ZYNQMP_VERSION_SIZE);
+               strncat(version, "xczu", 4);
                zynqmppl.name = strncat(version,
                                        zynqmp_get_silicon_idcode_name(),
-                                       ZYNQMP_VERSION_SIZE);
+                                       ZYNQMP_VERSION_SIZE - 5);
                printf("Chip ID:\t%s\n", zynqmppl.name);
                fpga_init();
                fpga_add(fpga_xilinx, &zynqmppl);