morgan/systemd
1
0
Fork 0
mirror of https://github.com/morgan9e/systemd synced 2026-04-14 00:14:32 +09:00
Code Issues Packages Projects Releases Wiki Activity

stub: mem fixes in devicetree addon handling (#33624)

Browse Source 
* stub: mem fixes in devicetree addon handling

Two bugs here: The elements are of size `DevicetreeAddon`, not `size_t`,
and `[]` binds stronger than `*`. This means the first element is ok,
but the second corrupts the stack.

Found this while refactoring #32463
This commit is contained in:
tfg13
2024-07-04 19:08:55 +01:00
committed by GitHub
parent 44ec70489f
commit 34c6d8fe40
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/boot/efi/stub.c
View File

@@ -463,10 +463,10 @@ static EFI_STATUS load_addons(
if (devicetree_addons && PE_SECTION_VECTOR_IS_SET(sections + UNIFIED_SECTION_DTB)) {
*devicetree_addons = xrealloc(*devicetree_addons,
*n_devicetree_addons * sizeof(size_t),
(*n_devicetree_addons + 1) * sizeof(size_t));
*n_devicetree_addons * sizeof(DevicetreeAddon),
(*n_devicetree_addons + 1) * sizeof(DevicetreeAddon));
*devicetree_addons[(*n_devicetree_addons)++] = (DevicetreeAddon) {
(*devicetree_addons)[(*n_devicetree_addons)++] = (DevicetreeAddon) {
.blob = {
.iov_base = xmemdup((const uint8_t*) loaded_addon->ImageBase + sections[UNIFIED_SECTION_DTB].memory_offset, sections[UNIFIED_SECTION_DTB].size),
.iov_len = sections[UNIFIED_SECTION_DTB].size,