[PATCH] drivers/mtd/ubispl/ubispl.c: limit copy size
Andrew Goodbody
andrew.goodbody at linaro.org
Mon Aug 4 16:15:52 CEST 2025
On 04/08/2025 14:37, Benedikt Spranger wrote:
> The fastmap VID header is embedded in struct ubi_scan_info. During fastmap
> scan, the header is copied into struct ubi_scan_info, if valid. The former
> code mixed up the amount of copied bytes and copied more bytes than
> nessesary. This had no side effect, since the affected struct members are
> uninitialized at that point and overwritten later.
>
> Limit the copied bytes to the VID header size.
>
> Signed-off-by: Benedikt Spranger <b.spranger at linutronix.de>
> Reported-by: Andrew Goodbody <andrew.goodbody at linaro.org>
> ---
> drivers/mtd/ubispl/ubispl.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/mtd/ubispl/ubispl.c b/drivers/mtd/ubispl/ubispl.c
> index 9face5fae15..0143caa051d 100644
> --- a/drivers/mtd/ubispl/ubispl.c
> +++ b/drivers/mtd/ubispl/ubispl.c
> @@ -779,7 +779,7 @@ static int ubi_scan_fastmap(struct ubi_scan_info *ubi,
> * that already so we merily copy it over.
> */
> if (pnum == fm_anchor)
> - memcpy(vh, ubi->blockinfo + pnum, sizeof(*fm));
> + memcpy(vh, ubi->blockinfo + pnum, sizeof(*vh));
>
> if (i == 0) {
> if (be32_to_cpu(vh->vol_id) != UBI_FM_SB_VOLUME_ID) {
Reviewed-by: Andrew Goodbody <andrew.goodbody at linaro.org>
More information about the U-Boot
mailing list