MIPS: relocate_code: fix barebox image memcpy() size

Fork: 0

LuminaSensum / barebox

Browse code MIPS: relocate_code: fix barebox image memcpy() size In this relocate_code() piece 'length' is greater than 'barebox_image_size': #define MAX_BSS_SIZE SZ_1M ... length = barebox_image_size + MAX_BSS_SIZE; relocaddr = ALIGN_DOWN(ram_size - barebox_image_size, SZ_64K); ... memcpy((void *)relocaddr, __image_start, length); so 'ram_size' overflow occurs during memcpy(). Signed-off-by: Antony Pavlov <antonynpavlov@gmail.com> Tested-by: Oleksij Rempel <o.rempel@pengutronix.de> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> WIP_next-LS master next v2020.07.0 v2020.06.0 v2020.05.0 v2020.04.0 v2020.03.0 v2020.02.0 v2020.01.0 v2019.12.0 v2019.11.0 v2019.10.0 v2019.09.0 v2019.08.1 v2019.08.0
1 parent fc650c0 commit 2cd8bd64a360910943cf22f239cc946354b1ae47 Antony Pavlov authored on 18 Jun 2019 Sascha Hauer committed on 20 Jun 2019

Browse code

In this relocate_code() piece 'length' is greater than 'barebox_image_size':

    #define MAX_BSS_SIZE SZ_1M
    ...
    length = barebox_image_size + MAX_BSS_SIZE;
    relocaddr = ALIGN_DOWN(ram_size - barebox_image_size, SZ_64K);
    ...
    memcpy((void *)relocaddr, __image_start, length);

so 'ram_size' overflow occurs during memcpy().

Signed-off-by: Antony Pavlov <antonynpavlov@gmail.com>
Tested-by: Oleksij Rempel <o.rempel@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>

WIP_next-LS master next v2020.07.0 v2020.06.0 v2020.05.0 v2020.04.0 v2020.03.0 v2020.02.0 v2020.01.0 v2019.12.0 v2019.11.0 v2019.10.0 v2019.09.0 v2019.08.1 v2019.08.0

1 parent fc650c0 commit 2cd8bd64a360910943cf22f239cc946354b1ae47

Antony Pavlov authored on 18 Jun 2019

Sascha Hauer committed on 20 Jun 2019

Patch

Unified Split

Showing 1 changed file

Ignore Space Show notes View arch/mips/lib/reloc.c

Show line notes below