[PATCH v3 3/6] bloblist: fix a potential negative size for memmove
Raymond Mao
raymond.mao at linaro.org
Fri Jul 18 16:16:16 CEST 2025
It causes a panic when blob is shrunk and 'new_alloced' is less than
'next_ofs'. The data area that needs to be moved should end up at
'hdr->used_size'.
Fixes: 1fe59375498f ("bloblist: Support resizing a blob")
Signed-off-by: Raymond Mao <raymond.mao at linaro.org>
---
Changes in v2:
- None.
Changes in v3:
- None.
common/bloblist.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/common/bloblist.c b/common/bloblist.c
index 488908f605e..550c0c78ffc 100644
--- a/common/bloblist.c
+++ b/common/bloblist.c
@@ -335,7 +335,7 @@ static int bloblist_resize_rec(struct bloblist_hdr *hdr,
next_ofs = bloblist_blob_end_ofs(hdr, rec);
if (next_ofs != hdr->used_size) {
memmove((void *)hdr + next_ofs + expand_by,
- (void *)hdr + next_ofs, new_alloced - next_ofs);
+ (void *)hdr + next_ofs, hdr->used_size - next_ofs);
}
hdr->used_size = new_alloced;
--
2.25.1
More information about the U-Boot
mailing list