[U-Boot] [PATCH 6/6] bootm: correctly bounds-check decompression

Kees Cook Mon, 12 Aug 2013 19:27:44 -0700

This passes the actual memory allocation size for the destination to the
decompression routines, avoiding potential memory overflows.


Signed-off-by: Kees Cook <keesc...@chromium.org>
---
 common/cmd_bootm.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/common/cmd_bootm.c b/common/cmd_bootm.c
index ba0bcd4..ac4fad1 100644
--- a/common/cmd_bootm.c
+++ b/common/cmd_bootm.c
@@ -362,7 +362,7 @@ static int bootm_load_os(image_info_t os, ulong *load_end, 
int boot_progress)
 
        const char *type_name = genimg_get_type_name(os.type);
 
-       load_buf = map_sysmem(load, image_len);
+       load_buf = map_sysmem(load, unc_len);
        image_buf = map_sysmem(image_start, image_len);
        switch (comp) {
        case IH_COMP_NONE:
-- 
1.7.9.5

_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot

[U-Boot] [PATCH 6/6] bootm: correctly bounds-check decompression

Reply via email to