[U-Boot] Bug in cbfs

Yaroslav K. yar444 at gmail.com
Mon Jun 27 07:35:56 CEST 2016


Hello.

The current implementation of cbfs prints incorrect file names. In the
file fs/cbfs/cbfs.c there are these lines:

                swap_file_header(&header, fileHeader);
                if (header.offset < sizeof(const struct cbfs_cachenode *) ||
                                header.offset > header.len) {
                        file_cbfs_result = CBFS_BAD_FILE;
                        return -1;
                }
                newNode->next = NULL;
                newNode->type = header.type;
                newNode->data = start + header.offset;
                newNode->data_length = header.len;
                name_len = header.offset - sizeof(struct cbfs_cachenode *);
                newNode->name = (char *)fileHeader +
                                sizeof(struct cbfs_cachenode *);
                newNode->name_length = name_len;
                newNode->checksum = header.checksum;

Shouldn't sizeof(const struct cbfs_cachenode *) and
sizeof(struct cbfs_cachenode *) be replaced with
sizeof(struct cbfs_fileheader)?

--
Yaroslav
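
Added example, not part of the original message or of U-Boot's code: a small C program that locates the name in one constructed CBFS entry, once skipping sizeof(struct cbfs_fileheader) bytes and once skipping a pointer's size. The header layout (8-byte magic followed by four big-endian 32-bit fields), the entry_name helper and the sample entry are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed on-disk layout: 8-byte magic, then four big-endian 32-bit fields. */
struct cbfs_fileheader {
	uint8_t magic[8];
	uint32_t len, type, checksum, offset;
} __attribute__((packed));

/* Constructed sample entry: 24-byte header, NUL-padded name, data at offset 40. */
static const uint8_t sample_entry[40] = {
	'L', 'A', 'R', 'C', 'H', 'I', 'V', 'E',
	0, 0, 0, 0x10,	/* len = 16 */
	0, 0, 0, 0x50,	/* type (constructed value) */
	0, 0, 0, 0,	/* checksum */
	0, 0, 0, 0x28,	/* offset = 40 */
	'u', '-', 'b', 'o', 'o', 't', '.', 'b', 'i', 'n'	/* rest is zero */
};

static uint32_t be32(const uint8_t *p)
{
	return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Hypothetical helper: locate the name, assuming `skip` bytes precede it. */
static const char *entry_name(const uint8_t *entry, size_t skip, uint32_t *name_len)
{
	uint32_t offset = be32(entry + offsetof(struct cbfs_fileheader, offset));

	if (offset < skip)	/* same shape as the lower-bound check in the excerpt */
		return NULL;
	*name_len = offset - (uint32_t)skip;
	return (const char *)entry + skip;
}

int main(void)
{
	uint32_t n = 0;
	const char *s = entry_name(sample_entry, sizeof(struct cbfs_fileheader), &n);

	printf("skip=sizeof(header): \"%s\" (name_length %u)\n", s, n);
	s = entry_name(sample_entry, 4, &n);	/* pointer size on a 32-bit target */
	printf("skip=4:              \"%s\" (name_length %u)\n", s, n);
	return 0;
}
```

With a 4-byte skip the name pointer lands inside the magic field and the computed name_length covers the rest of the header as well as the real name.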

