acpi: Fix buffer overflow in do_acpi_dump()

When do_acpi_dump() converts the table name to upper case, pass the
actual size of the output buffer so that the null terminator doesn't get
written beyond the end of the buffer.

Signed-off-by: Andrew Scull <ascull@google.com>
Cc: Simon Glass <sjg@chromium.org>
Cc: Wolfgang Wallner <wolfgang.wallner@br-automation.com>
Cc: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

diff --git a/cmd/acpi.c b/cmd/acpi.c
index c543f1e..0e473b4 100644 (file)
--- a/cmd/acpi.c
+++ b/cmd/acpi.c
@@ -178,7 +178,7 @@ static int do_acpi_dump(struct cmd_tbl *cmdtp, int flag, int argc,
                printf("Table name '%s' must be four characters\n", name);
                return CMD_RET_FAILURE;
        }
-       str_to_upper(name, sig, -1);
+       str_to_upper(name, sig, ACPI_NAME_LEN);
        ret = dump_table_name(sig);
        if (ret) {
                printf("Table '%.*s' not found\n", ACPI_NAME_LEN, sig);