[PATCH v2] bootstage: Fix out-of-bounds read in reloc_bootstage()
Tom Rini
trini at konsulko.com
Fri Aug 16 05:47:24 CEST 2024
On Wed, 31 Jul 2024 18:07:54 +0200, Richard Weinberger wrote:
> bootstage_get_size() returns the total size of the data structure
> including associated records.
> When copying from gd->bootstage, only the allocation size of gd->bootstage
> must be used. Otherwise too much memory is copied.
>
> This bug caused no harm so far because gd->new_bootstage is always
> large enough and reading beyond the allocation length of gd->bootstage
> caused no problem due to the U-Boot memory layout.
>
> [...]
Applied to u-boot/next, thanks!
--
Tom
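
The size mismatch described in the quoted commit message, as an added example that is not part of this message or of U-Boot's code: a simplified C model in which the destination is sized for the total while the read from the source is bounded by the source allocation. The structure, the function names and the sample records are hypothetical, and treating the associated data as name strings is an assumption of this model.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model with hypothetical names; not U-Boot's structures. */
#define MAX_RECORDS 4
struct stage_record { const char *name; unsigned long time_us; };
struct stage_data { unsigned int count; struct stage_record rec[MAX_RECORDS]; };

/* Bytes owned by the source allocation: the structure and nothing else. */
size_t stage_alloc_size(void) { return sizeof(struct stage_data); }

/* Total size: the structure plus the data stored outside it (names here). */
size_t stage_total_size(const struct stage_data *d)
{
    size_t size = stage_alloc_size();
    for (unsigned int i = 0; i < d->count; i++)
        size += strlen(d->rec[i].name) + 1;
    return size;
}

/* Relocate src into dst. The destination must hold the total size, but the
 * read from src is bounded by the source allocation; names are then packed
 * behind the structure. Returns bytes written, or 0 if dst is too small. */
size_t stage_relocate(void *dst, size_t dst_len, const struct stage_data *src)
{
    if (dst_len < stage_total_size(src))
        return 0;
    memcpy(dst, src, stage_alloc_size()); /* not stage_total_size(src) */
    struct stage_data *nd = dst;
    char *p = (char *)dst + stage_alloc_size();
    for (unsigned int i = 0; i < src->count; i++) {
        size_t n = strlen(src->rec[i].name) + 1;
        memcpy(p, src->rec[i].name, n);
        nd->rec[i].name = p;
        p += n;
    }
    return (size_t)(p - (char *)dst);
}

int main(void)
{
    /* Constructed sample data. */
    struct stage_data src = { 2, { { "reset", 0 }, { "board_init_f", 1200 } } };
    static union { struct stage_data d; unsigned char raw[sizeof(struct stage_data) + 64]; } dst;
    size_t written = stage_relocate(dst.raw, sizeof(dst.raw), &src);
    printf("alloc=%zu total=%zu written=%zu\n", stage_alloc_size(), stage_total_size(&src), written);
    return written == stage_total_size(&src) ? 0 : 1;
}
```

Passing the total size as the `memcpy` length in `stage_relocate` would read past the end of `src` by the combined length of the names, which is the pattern the commit message describes.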