[flashrom] [PATCH] Fix out-of-bounds access if all erase functions fail
Carl-Daniel Hailfinger
c-d.hailfinger.devel.2006 at gmx.net
Sat Apr 16 00:13:50 CEST 2011
On 15.04.2011 13:16, Stefan Tauner wrote:
> On Fri, 15 Apr 2011 07:31:29 +0200
> Carl-Daniel Hailfinger<c-d.hailfinger.devel.2006 at gmx.net> wrote:
>
>
>> Index: flashrom-fix_erasefunctions_nullpointer/flashrom.c
>> ===================================================================
>> --- flashrom-fix_erasefunctions_nullpointer/flashrom.c
>> (Revision 1280) +++
>> flashrom-fix_erasefunctions_nullpointer/flashrom.c
>> (Arbeitskopie) @@ -1514,8 +1514,12 @@ memcpy(curcontents,
>> oldcontents, size);
>>
>> for (k = 0; k< NUM_ERASEFUNCTIONS; k++) {
>>
> ^ ^^
> There is something broken with your old branch: spaces at the beginning
> of lines and after some binary operators. This does not apply to my
> git-svn head (or the r1280 equivalent) (could be a git-svn bug).
>
This corruption is apparently a Seamonkey Mail regression present in
Seamonkey 2.0.x.
Please find the patch attached, hopefully without corruption.
>> + if (!usable_erasefunctions) {
>> + msg_cdbg("No usable erase functions
>> left.\n");
>> + break;
>> + }
>> msg_cdbg("Looking at blockwise erase function %i...
>> ", k);
>> - if (check_block_eraser(flash, k, 1)&&
>>
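Review bot: the new early exit at the top of the `for (k = 0; k < NUM_ERASEFUNCTIONS; k++)` loop only prevents the out-of-bounds access if `usable_erasefunctions` is kept accurate, and the quoted hunk shows neither where that counter is initialised nor where it is decremented; please confirm it is decremented on every path where an erase function is rejected (including the condition on the removed `- if (check_block_eraser(flash, k, 1)&&` line), otherwise `break` never fires and the loop still walks past the last usable function. A one-line comment above the `if (!usable_erasefunctions)` check saying that the counter is maintained by the pre-check loop would also make the intent clear to readers who, like the reviewer, wonder why the extra loop exists.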
> ^^^^
> But it will probably fix the OOB segfault, if it applies.
> I don't understand the whole function though.
> Why do we precheck the erase functions with an extra loop? Just for nice
> logs and sparing us the memcpy?
> Not justified imho: it just complicates things, and that OOB failure is
> a typical symptom.
>
We don't care about the memcpy (would be a micro-optimization and those
are almost always a bad idea). However, we care about good debug and
error messages.
Regards,
Carl-Daniel
Signed-off-by: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006 at gmx.net>
--
http://www.hailfinger.org/
Attachment: flashrom_fix_erasefunctions_nullpointer.diff
URL: <http://www.flashrom.org/pipermail/flashrom/attachments/20110416/fe5a702e/attachment.ksh>