[flashrom] at45db buffer overflow

Stefan Tauner stefan.tauner at alumni.tuwien.ac.at
Fri May 16 14:23:43 CEST 2014


On Tue, 13 May 2014 12:51:18 +0400
Shire <degener_trash at mail.ru> wrote:

> Thanks to The Raven and Stefan Tauner for the bug report.
> I fixed the patch for the correct write buffer calculation.
> The correct version of the patch is attached.

Yes, that one looks correct. I came to the same conclusion as you:
1) the loop condition is wrong and 2) the offset used within the read
buffer should start at 0 and not at the chip offset. I really wonder
how this could have ever worked in my tests :)

My patch to solve the issue is a bit different though and I think it is
slightly more readable. I'd be glad if you could test/review it.
-- 
Kind regards/Mit freundlichen Grüßen, Stefan Tauner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-AT45DB-fix-length-calculations-in-read-functions.patch
Type: text/x-patch
Size: 2714 bytes
Desc: not available
URL: <http://www.flashrom.org/pipermail/flashrom/attachments/20140516/81348d36/attachment.patch>
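The two mistakes named in the thread (a wrong loop condition, and a read buffer indexed by chip offset instead of from 0) are the classic way a chunked read overruns a caller's buffer. The attached patch is not on this page, so the following is an added, constructed example rather than flashrom's at45db code or either poster's patch: it models a small simulated chip read in fixed chunks, computes the highest buffer index that the two faulty forms would write to (the inclusive loop bound and the chip-offset index are assumed forms, chosen to illustrate the description, not taken from flashrom), and shows the corrected read with a range check and a guard byte proving nothing is written past the requested length.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration, not flashrom code: a 256-byte simulated chip that
 * is read in CHUNK-byte pieces into a caller-supplied buffer. */
#define CHIP_SIZE 256u
#define CHUNK 16u

static uint8_t chip[CHIP_SIZE];

static void fill_chip(void)
{
    for (unsigned int i = 0; i < CHIP_SIZE; i++)
        chip[i] = (uint8_t)(i * 7u + 3u);
}

/* Simulated device read of one chunk; the caller keeps len <= CHUNK. */
static void chip_read_chunk(unsigned int addr, uint8_t *dst, unsigned int len)
{
    memcpy(dst, chip + addr, len);
}

/* Largest index a chunked read of len bytes (a multiple of CHUNK) starting at
 * chip address start would write into a buffer sized for len bytes. Nothing
 * is written; the loop only tracks indices. The two faulty forms are
 * assumptions modelled on the thread's description: bad_loop uses an
 * inclusive bound (addr <= end) and so reads one chunk too many, bad_index
 * uses the chip offset addr as the buffer index instead of addr - start. */
static long max_written_index(unsigned int start, unsigned int len,
                              int bad_loop, int bad_index)
{
    long max_index = -1;
    unsigned int end = start + len;

    for (unsigned int addr = start; bad_loop ? addr <= end : addr < end;
         addr += CHUNK) {
        unsigned int dst = bad_index ? addr : addr - start;
        long last = (long)dst + (long)CHUNK - 1;
        if (last > max_index)
            max_index = last;
    }
    return max_index;
}

/* Correct form: iterate over chip addresses in [start, start + len), clamp the
 * last chunk, and index the buffer relative to start. Returns 0 on success
 * and -1 when the range does not fit the chip. */
static int read_range(unsigned int start, unsigned int len, uint8_t *buf)
{
    if (start > CHIP_SIZE || len > CHIP_SIZE - start)
        return -1;
    for (unsigned int addr = start; addr < start + len; addr += CHUNK) {
        unsigned int n = start + len - addr;
        if (n > CHUNK)
            n = CHUNK;
        chip_read_chunk(addr, buf + (addr - start), n);
    }
    return 0;
}

/* Reads len bytes at start and checks both the content and a guard byte
 * placed just past the requested length. Returns 1 on success, 0 on a
 * content mismatch, a touched guard byte, or a rejected range. */
static int read_matches(unsigned int start, unsigned int len)
{
    uint8_t buf[CHIP_SIZE + 1];

    fill_chip();
    memset(buf, 0xEE, sizeof buf);
    if (read_range(start, len, buf) != 0)
        return 0;
    return memcmp(buf, chip + start, len) == 0 && buf[len] == 0xEE;
}

int main(void)
{
    printf("correct loop and index, start 32 len 64: max index %ld (buffer holds 0..63)\n",
           max_written_index(32, 64, 0, 0));
    printf("chip-offset index only:                  max index %ld\n",
           max_written_index(32, 64, 0, 1));
    printf("inclusive loop bound only:               max index %ld\n",
           max_written_index(32, 64, 1, 0));
    printf("read_range(32, 64) correct and in bounds: %d\n", read_matches(32, 64));
    return 0;
}
```

With start 0 the chip-offset index happens to be harmless, which is one way such a bug survives tests that only read from the beginning of the chip; a test that reads from a non-zero offset into a buffer with a guard byte after it, as read_matches does, catches both forms.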

