[U-Boot] [PATCH 6/6] bootm: allow correct bounds-check of destination
Kees Cook
keescook at chromium.org
Fri Aug 16 16:59:16 CEST 2013
While nothing presently examines the destination size, it should at
least be correct so that future users of sys_mapmem() will not be
surprised. Without this, it might be possible to overflow memory.
Signed-off-by: Kees Cook <keescook at chromium.org>
Acked-by: Simon Glass <sjg at chromium.org>
---
common/cmd_bootm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/common/cmd_bootm.c b/common/cmd_bootm.c
index 046e22f..0f67112 100644
--- a/common/cmd_bootm.c
+++ b/common/cmd_bootm.c
@@ -368,7 +368,7 @@ static int bootm_load_os(bootm_headers_t *images, unsigned long *load_end,
const char *type_name = genimg_get_type_name(os.type);
- load_buf = map_sysmem(load, image_len);
+ load_buf = map_sysmem(load, unc_len);
image_buf = map_sysmem(image_start, image_len);
switch (comp) {
case IH_COMP_NONE:
--
1.7.9.5
More information about the U-Boot
mailing list