[coreboot-gerrit] Patch set updated for coreboot: 5fc5908 device/oprom/realmode/x86: Fix memory corruption

Alexandru Gagniuc (mr.nuke.me@gmail.com) gerrit at coreboot.org
Mon Jan 19 18:36:48 CET 2015


Alexandru Gagniuc (mr.nuke.me at gmail.com) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/8227

-gerrit

commit 5fc59083622fe26e4b677d4d1a96990dec706155
Author: Zhuo-Hao Lee <zhuo-hao.lee at intel.com>
Date:   Wed Dec 24 11:13:34 2014 +0800

    device/oprom/realmode/x86: Fix memory corruption
    
    The length of the memcpy is incorrect and this will cause the
    destination buffer to corrupt the following 2 bytes of data.
    
    BUG=none
    BRANCH=All
    TEST=build and boot on rambi, system boot up without error
    
    Change-Id: I96adf2555b01aa35bb38a2e0f221fc2b2e87a41b
    Signed-off-by: Zhuo-Hao Lee <zhuo-hao.lee at intel.com>
    Reviewed-on: https://chromium-review.googlesource.com/237510
    Reviewed-by: Ryan Lin <ryan.lin at intel.com>
    Reviewed-by: Duncan Laurie <dlaurie at chromium.org>
    [Remove usage of macro `FIELD_SIZEOF(t, f)`.]
    Signed-off-by: Paul Menzel <paulepanter at users.sourceforge.net>
---
 src/device/oprom/realmode/x86.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/device/oprom/realmode/x86.c b/src/device/oprom/realmode/x86.c
index fc3c40c..461cb06 100644
--- a/src/device/oprom/realmode/x86.c
+++ b/src/device/oprom/realmode/x86.c
@@ -233,7 +233,7 @@ static u8 vbe_get_mode_info(vbe_mode_info_t * mi)
 	u16 buffer_adr = ((unsigned long)buffer) & 0xffff;
 	realmode_interrupt(0x10, VESA_GET_MODE_INFO, 0x0000,
 			mi->video_mode, 0x0000, buffer_seg, buffer_adr);
-	memcpy(mi->mode_info_block, buffer, sizeof(vbe_mode_info_t));
+	memcpy(mi->mode_info_block, buffer, sizeof(mi->mode_info_block));
 	mode_info_valid = 1;
 	return 0;
 }
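Review bot: On the changed memcpy line, `sizeof(mi->mode_info_block)` only bounds the copy correctly while `mode_info_block` is an array member of `vbe_mode_info_t`. Its declaration is not visible in this hunk, and if the member ever became a pointer the length would silently drop to the pointer size. A compile-time size check beside the struct definition, or a one-line comment here stating that the length is the destination field's size and not the whole struct's, would guard against the original mistake returning. Separately, the context lines set `mode_info_valid = 1` and return 0 without checking whether the `VESA_GET_MODE_INFO` interrupt call succeeded, so whatever is in `buffer` is copied and marked valid either way. That predates this patch but deserves a follow-up.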


