[PATCH] spl: ymodem: Fix buffer overflow during Image copy
Tom Rini
trini at konsulko.com
Fri Feb 4 01:41:04 CET 2022
On Mon, Jan 31, 2022 at 09:49:19AM +0530, Vignesh Raghavendra wrote:
> ymodem_read_fit() driver will end copying up to BUF_SIZE boundary even
> when requested size of copy operation is less than that.
> For example, if offset = 0, size = 1440B, ymodem_read_fit() ends up
> copying 2KB from offset = 0, to destination buffer addr
>
> This causes data corruption when malloc'd buffer is passed during UART
> boot since commit 03f1f78a9b44 ("spl: fit: Prefer a malloc()'d buffer
> for loading images")
>
> With this, UART boot works again on K3 (AM654, J7, AM64) family of
> devices.
>
> Fixes: 03f1f78a9b44 ("spl: fit: Prefer a malloc()'d buffer for loading images")
> Signed-off-by: Vignesh Raghavendra <vigneshr at ti.com>
Applied to u-boot/master, thanks!
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20220203/1c396e6b/attachment.sig>
More information about the U-Boot
mailing list