[U-Boot] [PATCH] FAT: buffer overflow with FAT12/16
Wolfgang Denk
wd at denx.de
Wed Oct 20 09:15:45 CEST 2010
Dear Stefano Babic,
In message <1287557505-3955-1-git-send-email-sbabic at denx.de> you wrote:
> Last commit 3831530dcb7b71329c272ccd6181f8038b6a6dd0a was intended
> "explicitly specify FAT12/16 root directory parsing buffer size, instead
> of relying on cluster size". Howver, the underlying function requires
> the size of the buffer in blocks, not in bytes, and instead of passing
> a double sector size a request for 1024 blocks is sent. This generates
> a buffer overflow with overwriting of other structure (in the case seen,
> USB structures were overwritten).
>
> Signed-off-by: Stefano Babic <sbabic at denx.de>
> CC: Mikhail Zolotaryov <lebon at lebon.org.ua>
>
> ---
> fs/fat/fat.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
Nice catch!
Applied, thanks.
Best regards,
Wolfgang Denk
--
DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
Never worry about theory as long as the machinery does what it's
supposed to do. - R. A. Heinlein
More information about the U-Boot
mailing list