12 Nov
2009
12 Nov
'09
12:31 a.m.
On Wed, Nov 11, 2009 at 4:06 PM, Peter Stuge peter@stuge.se wrote:
Myles Watson wrote:
How about this:
Index: src/arch/i386/boot/coreboot_table.c
--- src/arch/i386/boot/coreboot_table.c (revision 4931) +++ src/arch/i386/boot/coreboot_table.c (working copy) @@ -485,11 +485,10 @@
#if (CONFIG_HAVE_OPTION_TABLE == 1) {
- struct lb_record *rec_dest, *rec_src;
- /* Write the option config table... */
- struct lb_record *rec_dest;
- /* Copy the option config table, it's already a lb_record... */
rec_dest = lb_new_record(head);
- rec_src = (struct lb_record *)(void *)&option_table;
- memcpy(rec_dest, rec_src, rec_src->size);
- memcpy(rec_dest, &option_table, sizeof(option_table));
It is completely unclear to me why it is safe to write beyond the struct lb_record
lb_record is just the header. The data follows it, but isn't a member of the struct.
(maybe it is an elaborate side-effect of the call to lb_new_record()?)
I think lb_new_record uses the size to find the next header location. Is that what you meant?
Acked-by: Peter Stuge peter@stuge.se
Rev 4935.
Thanks, Myles