u-boot: v2026.04: helios64: bound otp.part_num debug print

iav · iav · commit fe7e77f7716d · 2026-04-17T16:29:02.000+03:00
show_otp_data() printed otp.part_num (a fixed 16-byte field, not a
C string) with plain %s. If OTP content lacks a NUL terminator, printf
would over-read into the adjacent packed fields. Use %.*s with
strnlen(..., sizeof(otp.part_num)) so the output is bounded by both
the actual content length and the field size.

Only reachable in DEBUG builds, but the UB is real.

Suggested-by: coderabbitai[bot]
diff --git a/patch/u-boot/v2026.04/board_helios64/board/sys_otp.c b/patch/u-boot/v2026.04/board_helios64/board/sys_otp.c
@@ -126,7 +126,9 @@ static void show_otp_data(void)
 	if (!is_valid_header())
 		return;
 
-	printf("Part Number: %s\n", otp.part_num);
+	printf("Part Number: %.*s\n",
+		(int)strnlen((const char *)otp.part_num, sizeof(otp.part_num)),
+		otp.part_num);
 	printf("Variant: %s\n",
 		(otp.variant < BOARD_VARIANT_MAX) ? var_str[otp.variant]
 						  : var_str[BOARD_VARIANT_INVALID]);
