Hi, I found a buffer overflow in console_clear() which results in a system reset in my case.
Function console_clear_line() uses ">> 2" when calling memsetl. Function console_scrollup() uses ">> 2" when calling memcpyl. Function video_clear() uses "/ size(int)" when calling memsetl. ">> 2" could be replaced by "/ size(int)" as in video_clear(). I used ">> 2" strictly because console functions are written that way.

CONSOLE_SIZE is expressed in bytes (X * Y * bytes per pixel) and memsetl uses int (4 bytes) as copy size. In console_clear(), this results in writing 4 times the buffer size.

Best regards
Frédéric Nadeau

diff --git a/drivers/video/cfb_console.c b/drivers/video/cfb_console.c index a81affa..620935e 100644 --- a/drivers/video/cfb_console.c +++ b/drivers/video/cfb_console.c @@ -798,7 +798,7 @@ static void console_clear(void) bgx /* fill color */ ); #else - memsetl(CONSOLE_ROW_FIRST, CONSOLE_SIZE, bgx); + memsetl(CONSOLE_ROW_FIRST, CONSOLE_SIZE >> 2 , bgx); #endif }

_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot
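
Review bot: In the added memsetl() line, ">> 2" hard-codes a 4-byte int and there is a stray space before the comma ("CONSOLE_SIZE >> 2 , bgx"). The message itself notes that video_clear() divides by the size of int instead; using that form here (CONSOLE_SIZE / sizeof(int)) would make the byte-to-int conversion explicit. A one-line comment that memsetl() takes a count of ints, not bytes, would help keep the next caller from repeating the mistake. The patch as posted also carries no Signed-off-by line.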
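
The unit mismatch described in the message, as an added example that is not part of the original post or of U-Boot. The fill_words() stand-in for memsetl, the console geometry and the canary value are assumptions made for the demonstration; the backing array is deliberately oversized so the overrun can be measured without undefined behaviour.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed geometry, not taken from any board configuration. */
#define COLS            8
#define ROWS            4
#define BYTES_PER_PIXEL 4
#define CONSOLE_SIZE    (COLS * ROWS * BYTES_PER_PIXEL)   /* in bytes */
#define CONSOLE_WORDS   (CONSOLE_SIZE / sizeof(uint32_t))
#define CANARY          0xDEADBEEFu

/* Backing store is 4x the console so the oversized fill stays inside
 * this array and the demo has defined behaviour. */
static uint32_t backing[CONSOLE_WORDS * 4];

/* Hypothetical stand-in for memsetl: count is in 32-bit words, not bytes. */
static void fill_words(uint32_t *p, size_t words, uint32_t val)
{
    while (words--)
        *p++ = val;
}

/* Clear the "console" using the given count, then return how many words
 * beyond the end of the console were overwritten. */
size_t words_clobbered(size_t count)
{
    size_t total = sizeof(backing) / sizeof(backing[0]);
    size_t i, hit = 0;

    for (i = 0; i < total; i++)
        backing[i] = CANARY;
    if (count > total)
        count = total;              /* keep the demo in bounds */
    fill_words(backing, count, 0);
    for (i = CONSOLE_WORDS; i < total; i++)
        hit += (backing[i] != CANARY);
    return hit;
}

int main(void)
{
    printf("byte count: %zu words past the end\n", words_clobbered(CONSOLE_SIZE));
    printf("count >> 2: %zu words past the end\n", words_clobbered(CONSOLE_SIZE >> 2));
    return 0;
}
```

Passing the byte count writes four console-sizes of data, so three console-sizes land beyond the buffer; the shifted count stops exactly at its end.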