[PATCH 1/1] smbios: buffer overflow when zeroing entry point

Thu Jan 11 07:34:08 CET 2024

A SMBIOS 3 entry point has a different length than an SMBIOS 2.1 entry
point.

Fixes: 70924294f375 ("smbios: Use SMBIOS 3.0 to support an address above 4GB")
Fixes: 1c5f6fa3883d ("smbios: Drop support for SMBIOS2 tables")
Addresses-Coverity-ID: 477212 ("Wrong sizeof argument")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt at canonical.com>
---
 lib/smbios.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/smbios.c b/lib/smbios.c
index 41aa936c4c..25595f55ab 100644
--- a/lib/smbios.c
+++ b/lib/smbios.c
@@ -591,8 +591,8 @@ ulong write_smbios_table(ulong addr)
 	table_addr = (ulong)map_sysmem(tables, 0);
 
 	/* now go back and write the SMBIOS3 header */
-	se = map_sysmem(start_addr, sizeof(struct smbios_entry));
-	memset(se, '\0', sizeof(struct smbios_entry));
+	se = map_sysmem(start_addr, sizeof(struct smbios3_entry));
+	memset(se, '\0', sizeof(struct smbios3_entry));
 	memcpy(se->anchor, "_SM3_", 5);
 	se->length = sizeof(struct smbios3_entry);
 	se->major_ver = SMBIOS_MAJOR_VER;
-- 
2.43.0

