[U-Boot] [PATCH 6/6] bootm: correctly bounds-check decompression
Kees Cook
keescook at chromium.org
Tue Aug 13 01:02:04 CEST 2013
This passes the actual memory allocation size for the destination to the
decompression routines, avoiding potential memory overflows.
Signed-off-by: Kees Cook <keescook at chromium.org>
---
common/cmd_bootm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/common/cmd_bootm.c b/common/cmd_bootm.c
index ba0bcd4..ac4fad1 100644
--- a/common/cmd_bootm.c
+++ b/common/cmd_bootm.c
@@ -362,7 +362,7 @@ static int bootm_load_os(image_info_t os, ulong *load_end, int boot_progress)
const char *type_name = genimg_get_type_name(os.type);
- load_buf = map_sysmem(load, image_len);
+ load_buf = map_sysmem(load, unc_len);
image_buf = map_sysmem(image_start, image_len);
switch (comp) {
case IH_COMP_NONE:
--
1.7.9.5
More information about the U-Boot
mailing list