MIPS: relocate_code: fix barebox image memcpy() size
In this relocate_code() piece 'length' is greater than 'barebox_image_size': #define MAX_BSS_SIZE SZ_1M ... length = barebox_image_size + MAX_BSS_SIZE; relocaddr = ALIGN_DOWN(ram_size - barebox_image_size, SZ_64K); ... memcpy((void *)relocaddr, __image_start, length); so 'ram_size' overflow occurs during memcpy(). Signed-off-by: Antony Pavlov <antonynpavlov@gmail.com> Tested-by: Oleksij Rempel <o.rempel@pengutronix.de> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> |
---|
|
arch/mips/lib/reloc.c |
---|