The docstring for MXC_SYS_GetUSN states that the parameter usn must be at least MXC_SYS_USN_LEN (13) bytes long.
However, it looks like the implementation in sys_me15.c will unconditionally memset the first MXC_SYS_USN_CHECKSUM_LEN (16) bytes of usn, resulting in a buffer overflow if usn has the minimum size of MXC_SYS_USN_LEN bytes, as stated in the docstring.
Board
Files:
Affected versions that I checked:
The docstring for
MXC_SYS_GetUSN
states that the parameterusn
must be at leastMXC_SYS_USN_LEN
(13) bytes long.However, it looks like the implementation in
sys_me15.c
will unconditionally memset the firstMXC_SYS_USN_CHECKSUM_LEN
(16) bytes ofusn
, resulting in a buffer overflow ifusn
has the minimum size ofMXC_SYS_USN_LEN
bytes, as stated in the docstring.