[PATCH 6/9] x86: Correct copying of BIOS mode information

Bin Meng bmeng.cn at gmail.com
Fri Jul 28 18:12:53 CEST 2023


On Mon, Jul 24, 2023 at 10:52 PM Simon Glass <sjg at chromium.org> wrote:
>
> This is copying beyond the end of the destination buffer. Correct the code
> by using a constant for the buffer size.
>
> This long-standing bug prevents virtio bootdevs working correctly on
> qemu-x86 at present.

Nice catch!

>
> Signed-off-by: Simon Glass <sjg at chromium.org>
> Fixes: 0ca2426beae ("x86: Add support for running option ROMs natively")
> ---
>
>  arch/x86/lib/bios.c | 2 +-
>  include/vesa.h      | 4 +++-
>  2 files changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/lib/bios.c b/arch/x86/lib/bios.c
> index e29cae78e509..3a9d7f5ddd41 100644
> --- a/arch/x86/lib/bios.c
> +++ b/arch/x86/lib/bios.c
> @@ -204,7 +204,7 @@ static u8 vbe_get_mode_info(struct vesa_state *mi)
>
>         realmode_interrupt(0x10, VESA_GET_MODE_INFO, 0x0000, mi->video_mode,
>                            0x0000, buffer_seg, buffer_adr);
> -       memcpy(mi->mode_info_block, buffer, sizeof(struct vesa_state));
> +       memcpy(mi->mode_info_block, buffer, VESA_MODE_INFO_SIZE);

or "sizeof(struct vesa_mode_info)"

>         mi->valid = true;
>
>         return 0;
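Review bot: the new length is still not expressed in terms of the destination. In the memcpy at `memcpy(mi->mode_info_block, buffer, VESA_MODE_INFO_SIZE);`, `sizeof(mi->mode_info_block)` would bound the copy by the array it actually writes into and stays correct if the define or the array ever changes, rather than relying on a constant that happens to match. Separately, the outcome of `realmode_interrupt()` is not examined before `mi->valid = true;` and `return 0;`, so a failed VESA_GET_MODE_INFO call still leaves the block marked valid; if the call's return status is available here it should gate both the copy and the `valid` flag.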
> diff --git a/include/vesa.h b/include/vesa.h
> index 9285bfa921a2..28828ab56aa4 100644
> --- a/include/vesa.h
> +++ b/include/vesa.h
> @@ -83,12 +83,14 @@ struct __packed vesa_mode_info {
>         u8 reserved[206];
>  };
>
> +#define VESA_MODE_INFO_SIZE    256
> +
>  struct vesa_state {
>         u16 video_mode;
>         bool valid;
>         union {
>                 struct vesa_mode_info vesa;
> -               u8 mode_info_block[256];
> +               u8 mode_info_block[VESA_MODE_INFO_SIZE];
>         };
>  };
>
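Review bot: nothing ties VESA_MODE_INFO_SIZE to the struct it aliases in the union. `struct vesa_mode_info` is `__packed` and ends in `u8 reserved[206];`, so it must total exactly 256 bytes for `vesa` and `mode_info_block` to cover the same bytes, and a field added to it later would silently break that (Bin's alternative `sizeof(struct vesa_mode_info)` also depends on it). Suggest a build-time check next to the define, e.g. `_Static_assert(sizeof(struct vesa_mode_info) == VESA_MODE_INFO_SIZE, "...")` in the header or a `BUILD_BUG_ON()` in bios.c, plus a one-line comment on the define saying it is the size of the mode info block returned by VESA_GET_MODE_INFO.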

Reviewed-by: Bin Meng <bmeng.cn at gmail.com>
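The bug under review is `sizeof` of the wrong object: the pre-patch code sized the copy by the enclosing `struct vesa_state` instead of the `mode_info_block` member it wrote into. The following is an added example, not U-Boot code, that reproduces the layout from the hunk above and measures the overrun with a canary; it assumes a stand-in `struct vesa_mode_info` whose named VBE fields are folded into a 50-byte prefix ahead of the 206-byte reserved tail, and the arena, `copy_mode_info()` and `fill_bios_buffer()` helpers are hypothetical harness code.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint8_t u8;
typedef uint16_t u16;

#define VESA_MODE_INFO_SIZE	256

/*
 * Stand-in for U-Boot's struct vesa_mode_info.  Assumption: the real
 * struct has a run of named VBE fields ahead of its 206-byte reserved tail;
 * they are folded into a single 50-byte prefix here so the total is the
 * 256 bytes of a VBE mode info block.
 */
struct __attribute__((packed)) vesa_mode_info {
	u8 vbe_fields[50];
	u8 reserved[206];
};

/* Same shape as the patched struct vesa_state in include/vesa.h */
struct vesa_state {
	u16 video_mode;
	bool valid;
	union {
		struct vesa_mode_info vesa;
		u8 mode_info_block[VESA_MODE_INFO_SIZE];
	};
};

/* The union is only meaningful if both members span the same bytes */
_Static_assert(sizeof(struct vesa_mode_info) == VESA_MODE_INFO_SIZE,
	       "vesa_mode_info must be exactly one VBE mode info block");

#define ARENA_SIZE	512
#define CANARY		0xA5

/*
 * Place a vesa_state at the start of a byte arena, fill everything after
 * mode_info_block with a canary, and copy copy_len bytes into
 * mode_info_block the way vbe_get_mode_info() does.  Every write lands
 * inside the arena, so an overrun is observable without undefined
 * behaviour.  Returns how many bytes were written past mode_info_block.
 */
static size_t copy_mode_info(size_t copy_len, const u8 *bios_buf)
{
	const size_t dest_off = offsetof(struct vesa_state, mode_info_block);
	const size_t dest_end = dest_off + VESA_MODE_INFO_SIZE;
	u8 arena[ARENA_SIZE];
	size_t clobbered = 0;

	if (dest_off + copy_len > ARENA_SIZE)
		return (size_t)-1;	/* would escape even the arena */

	memset(arena, CANARY, sizeof(arena));
	memcpy(arena + dest_off, bios_buf, copy_len);	/* the memcpy under review */

	for (size_t i = dest_end; i < ARENA_SIZE; i++)
		if (arena[i] != CANARY)
			clobbered++;
	return clobbered;
}

/* Constructed stand-in for the low-memory buffer INT 10h fills; values are
 * kept below 0x80 so none can be mistaken for the canary */
static void fill_bios_buffer(u8 *buf, size_t len)
{
	for (size_t i = 0; i < len; i++)
		buf[i] = (u8)(i & 0x7f);
}

/* Pre-patch length: sizeof(struct vesa_state), i.e. the enclosing struct */
size_t overrun_with_sizeof_state(void)
{
	u8 bios_buf[ARENA_SIZE];

	fill_bios_buffer(bios_buf, sizeof(bios_buf));
	return copy_mode_info(sizeof(struct vesa_state), bios_buf);
}

/* Post-patch length: the destination array's own size */
size_t overrun_with_mode_info_size(void)
{
	u8 bios_buf[ARENA_SIZE];

	fill_bios_buffer(bios_buf, sizeof(bios_buf));
	return copy_mode_info(VESA_MODE_INFO_SIZE, bios_buf);
}

int main(void)
{
	printf("sizeof(struct vesa_state)      = %zu\n", sizeof(struct vesa_state));
	printf("sizeof(mode_info_block)        = %d\n", VESA_MODE_INFO_SIZE);
	printf("bytes past the block, pre-fix  = %zu\n", overrun_with_sizeof_state());
	printf("bytes past the block, post-fix = %zu\n", overrun_with_mode_info_size());
	return 0;
}
```

The overrun equals `sizeof(struct vesa_state) - VESA_MODE_INFO_SIZE`: the `video_mode` and `valid` members plus tail padding, which the old length counted but which sit before (or after) the array, so they spill past its end. The `_Static_assert` is the check the patch itself lacks: it fails the build if `struct vesa_mode_info` ever stops being exactly 256 bytes, which is the condition both union members rely on.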

