[flashrom] at45db buffer overflow

Stefan Tauner stefan.tauner at alumni.tuwien.ac.at
Sat May 10 00:41:28 CEST 2014


On Sat, 01 Feb 2014 11:56:22 +0600
degener_trash at mail.ru wrote:

> I found buffer overflow at at45db module. Error was in chunk length calculation.
> Patch is attached.
> 
> Chip AT45DB041D: reading, writing and erasing operations work correctly.
> 
> Best regards, Alexander Irenkov

Yes, you are right, Alexander, thank you. I think the error was
introduced by some refactorings or rebasing the original patch. I think
my original code looked a bit different/simpler than Alexander's. I have
attached my version of a patch to fix this.

Now I am interested in whether this version fixes the problem The Raven
was seeing only on erase, even with your patch applied.

The Raven: If this does not fix the erase issue then please add ' -g' to
the CFLAGS in the makefile, recompile flashrom completely (make -B or
make clean + make), and run an erase within gdb with 'spew' debug level:

$ gdb --args ./flashrom -VVV -E -p ...
[…]
(gdb) r
Starting program: […]
[…] Segfault detected […]
(gdb) bt
<Backtrace output>
(gdb) q
$

Please send me the flashrom log and the backtrace obtained from GDB.
-- 
Kind regards/Mit freundlichen Grüßen, Stefan Tauner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-AT45DB-fix-length-calculations-in-read-functions.patch
Type: text/x-patch
Size: 1060 bytes
Desc: not available
URL: <http://www.flashrom.org/pipermail/flashrom/attachments/20140510/24d99067/attachment.patch>
