| Message ID | 1376348524-25510-7-git-send-email-keescook@chromium.org |
|---|---|
| State | Superseded |
| Delegated to: | Tom Rini |
| Headers | show |
Hi Kees, On Mon, Aug 12, 2013 at 5:02 PM, Kees Cook <keescook@chromium.org> wrote: > This passes the actual memory allocation size for the destination to the > decompression routines, avoiding potential memory overflows. > > Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Simon Glass <sjg@chromium.org> (doesn't actually change the result since this parameter is ignored, but it is certainly cleaner, thank you) Regards, Simon
diff --git a/common/cmd_bootm.c b/common/cmd_bootm.c index ba0bcd4..ac4fad1 100644 --- a/common/cmd_bootm.c +++ b/common/cmd_bootm.c @@ -362,7 +362,7 @@ static int bootm_load_os(image_info_t os, ulong *load_end, int boot_progress) const char *type_name = genimg_get_type_name(os.type); - load_buf = map_sysmem(load, image_len); + load_buf = map_sysmem(load, unc_len); image_buf = map_sysmem(image_start, image_len); switch (comp) { case IH_COMP_NONE:
This passes the actual memory allocation size for the destination to the decompression routines, avoiding potential memory overflows. Signed-off-by: Kees Cook <keescook@chromium.org> --- common/cmd_bootm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)