[U-Boot] [PATCH 2/4] fs: cbfs: Fix out of bound access during CBFS walking through

Simon Glass sjg at chromium.org
Sat Dec 29 13:39:52 UTC 2018


On Sat, 22 Dec 2018 at 02:50, Bin Meng <bmeng.cn at gmail.com> wrote:
>
> The call to file_cbfs_fill_cache() is given the parameter
> 'start' pointing to the offset from the CBFS base address, but
> with the parameter 'size' equal to the whole CBFS size.
> During the CBFS walk-through, it checks files one by one, and
> after it passes the end of the CBFS, which is the 4GiB boundary,
> it tries to check files from address 0 and so on, until the
> overall size checked reaches the given 'size'.
>
> Fix this by passing 'start' pointing to the CBFS base address.
>
> Signed-off-by: Bin Meng <bmeng.cn at gmail.com>
> ---
>
>  fs/cbfs/cbfs.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)

Reviewed-by: Simon Glass <sjg at chromium.org>

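The (start, size) mismatch described in the commit message, as an added example that is not part of this thread or of U-Boot's fs/cbfs/cbfs.c: a simplified walker over a constructed ROM image shows that starting the walk at base + offset while still passing the whole rom_size runs the loop past the end of the ROM (on x86 that end is the 4GiB boundary, so the real code wrapped to address 0), whereas starting at the base does not. The ROM layout, sizes and alignment are assumptions chosen for illustration; the 24-byte file header (magic, len, type, checksum, offset, big-endian) is modelled after the CBFS file header, and the out-of-bounds flag stands in for the memory access the real code performed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed test ROM: 512 bytes, 64-byte file alignment, file list
 * beginning at offset 128 (all values are assumptions for the example). */
#define ROM_SIZE     512u
#define ALIGN        64u
#define FILES_OFFSET 128u   /* cbfs_header.offset: first file header */

#define CBFS_FILE_MAGIC   "LARCHIVE"
#define CBFS_FILE_HDR_LEN 24u

/* Result of one walk: files found, and whether the walk tried to read
 * a header outside [rom, rom + rom_size). */
struct walk_result {
    int files;
    int out_of_bounds;
};

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static void put_be32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Write a file header with 'len' bytes of payload directly after it. */
static void write_file(uint8_t *h, uint32_t len)
{
    memcpy(h, CBFS_FILE_MAGIC, 8);
    put_be32(h + 8, len);                 /* payload length */
    put_be32(h + 12, 0x50);               /* type (illustrative value) */
    put_be32(h + 16, 0);                  /* checksum (unused here) */
    put_be32(h + 20, CBFS_FILE_HDR_LEN);  /* offset from header to payload */
}

static void build_rom(uint8_t *rom)
{
    memset(rom, 0, ROM_SIZE);          /* bytes 0..127: no file headers */
    write_file(rom + FILES_OFFSET, 40);   /* 24 + 40 = 64  -> one 64-byte slot */
    write_file(rom + 192, 100);           /* 24 + 100 = 124 -> rounded to 128 */
}

/* Walk 'size' bytes of files starting at rom + start_off, stepping by
 * 'align' over bytes that carry no file header.  This mirrors the
 * (start, size) contract the patch corrects; the bounds check is what
 * turns the buggy call into an observable result instead of a read
 * past the buffer. */
static struct walk_result walk(const uint8_t *rom, size_t rom_size,
                               size_t start_off, size_t size, size_t align)
{
    struct walk_result r = {0, 0};
    size_t pos = start_off;

    while (size >= align) {
        size_t used;

        if (pos + CBFS_FILE_HDR_LEN > rom_size) {
            r.out_of_bounds = 1;   /* the real code would read here */
            return r;
        }
        if (memcmp(rom + pos, CBFS_FILE_MAGIC, 8) != 0) {
            used = align;          /* not a header: skip one unit */
        } else {
            uint32_t len = be32(rom + pos + 8);
            uint32_t off = be32(rom + pos + 20);
            used = ((size_t)off + len + align - 1) & ~(align - 1);
            r.files++;
        }
        if (used == 0 || used > size)
            break;
        pos += used;
        size -= used;
    }
    return r;
}

/* Before the patch: start = base + cbfs_header.offset, size = rom_size. */
struct walk_result walk_buggy(void)
{
    uint8_t rom[ROM_SIZE];
    build_rom(rom);
    return walk(rom, ROM_SIZE, FILES_OFFSET, ROM_SIZE, ALIGN);
}

/* After the patch: start = base, size = rom_size. */
struct walk_result walk_fixed(void)
{
    uint8_t rom[ROM_SIZE];
    build_rom(rom);
    return walk(rom, ROM_SIZE, 0, ROM_SIZE, ALIGN);
}

int main(void)
{
    struct walk_result b = walk_buggy(), f = walk_fixed();
    printf("buggy: files=%d out_of_bounds=%d\n", b.files, b.out_of_bounds);
    printf("fixed: files=%d out_of_bounds=%d\n", f.files, f.out_of_bounds);
    return 0;
}
```

Both calls find the same two files; the difference is that the buggy call still has 128 bytes of 'size' left when 'pos' reaches the end of the ROM, so its next iteration reads beyond the image, which on the real hardware mapping meant wrapping past 4GiB to address 0.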