[U-Boot] [PATCH] FAT: buffer overflow with FAT12/16

Wolfgang Denk wd at denx.de
Wed Oct 20 09:15:45 CEST 2010


Dear Stefano Babic,

In message <1287557505-3955-1-git-send-email-sbabic at denx.de> you wrote:
> Last commit 3831530dcb7b71329c272ccd6181f8038b6a6dd0a was intended
> "explicitly specify FAT12/16 root directory parsing buffer size, instead
> of relying on cluster size". Howver, the underlying function requires
> the size of the buffer in blocks, not in bytes, and instead of passing
> a double sector size a request for 1024 blocks is sent. This generates
> a buffer overflow with overwriting of other structure (in the case seen,
> USB structures were overwritten).
> 
> Signed-off-by: Stefano Babic <sbabic at denx.de>
> CC: Mikhail Zolotaryov <lebon at lebon.org.ua>
> 
> ---
>  fs/fat/fat.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)

Nice catch!

Applied, thanks.

Best regards,

Wolfgang Denk

-- 
DENX Software Engineering GmbH,     MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
Never worry about theory as long as  the  machinery  does  what  it's
supposed to do.                                      - R. A. Heinlein


More information about the U-Boot mailing list