From f65ba2154f3bb62bec243f029500dd27f5c84703 Mon Sep 17 00:00:00 2001
From: Yifan Luo <luoyifan@cmss.chinamobile.com>
Date: Tue, 6 Aug 2019 15:10:24 +0800
Subject: [PATCH] HV: shell: fix temp_str out of bounds buffer access

String buffer temp_str is defined with size TEMP_STR_SIZE(60U) but accessed with MAX_STR_SIZE(256U). Better to limit the access bound to TEMP_STR_SIZE to prevent potential issue.

Tracked-On: #3549
Signed-off-by: Yifan Luo <luoyifan@cmss.chinamobile.com>
---
 hypervisor/debug/shell.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hypervisor/debug/shell.c b/hypervisor/debug/shell.c
index 65350f5fa..fb4ede3c6 100644
--- a/hypervisor/debug/shell.c
+++ b/hypervisor/debug/shell.c
@@ -252,7 +252,7 @@ static uint16_t sanitize_vmid(uint16_t vmid)
 	char temp_str[TEMP_STR_SIZE];
 
 	if (vmid >= CONFIG_MAX_VM_NUM) {
-		snprintf(temp_str, MAX_STR_SIZE,
+		snprintf(temp_str, TEMP_STR_SIZE,
 			"VM ID given exceeds the MAX_VM_NUM(%u), using 0 instead\r\n",
 			CONFIG_MAX_VM_NUM);
 		shell_puts(temp_str);