diff options
| author | Vignesh Raghavendra <vigneshr@ti.com> | 2022-01-31 09:49:19 +0530 |
|---|---|---|
| committer | Tom Rini <trini@konsulko.com> | 2022-02-03 12:15:33 -0500 |
| commit | c1335e2ca5e3947a61d93c094fbb4a9be9afc4ff (patch) | |
| tree | 9122ad795a9164f943255e208243d9070bdbd13e /lib/efi_loader/efi_variable.c | |
| parent | cd59d44cfd5daebaab4b01a0a5f2931f9e4ed834 (diff) | |
spl: ymodem: Fix buffer overflow during Image copy
ymodem_read_fit() driver will end copying up to BUF_SIZE boundary even
when requested size of copy operation is less than that.
For example, if offset = 0, size = 1440B, ymodem_read_fit() ends up
copying 2KB from offset = 0, to destination buffer addr
This causes data corruption when malloc'd buffer is passed during UART
boot since commit 03f1f78a9b44 ("spl: fit: Prefer a malloc()'d buffer
for loading images")
With this, UART boot works again on K3 (AM654, J7, AM64) family of
devices.
Fixes: 03f1f78a9b44 ("spl: fit: Prefer a malloc()'d buffer for loading images")
Signed-off-by: Vignesh Raghavendra <vigneshr@ti.com>
Diffstat (limited to 'lib/efi_loader/efi_variable.c')
0 files changed, 0 insertions, 0 deletions