summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlexandru Gagniuc <mr.nuke.me@gmail.com>2013-12-08 17:46:40 -0600
committerAlexandru Gagniuc <mr.nuke.me@gmail.com>2013-12-09 17:34:25 +0100
commitf87c20a00dca412ad8fa255ef38fd954762afa4b (patch)
treed2652e1d287cc51f02f7831c97a789f569eeb534
parent691b313c2807a5e9d293e9a520f951ea1319bb8f (diff)
downloadcoreboot-f87c20a00dca412ad8fa255ef38fd954762afa4b.tar.xz
cbfstool: Properly handle EOF in update_fit step
During the update_fit step, 'file_length' is used to determine how many bytes are left in the CBFS file. It was decremented in a loop from an array 'mcus[num_mcus].size', but 'num_mcus' was incremented right before. Since 'mcus' is memset(0) externally, 'file_length' was never decremented. The loop exited when it reached a dummy terminator, usually 48 bytes of 0 which are internationally added to microcode blobs in coreboot. However, if that terminator is removed, the loop doesn't stop and continues until it segfaults. Change-Id: I840727add69379ffef75b694d90402ed89769e3b Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-on: http://review.coreboot.org/4508 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin <adurbin@google.com>
-rw-r--r--util/cbfstool/fit.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/util/cbfstool/fit.c b/util/cbfstool/fit.c
index 02cfaee21d..c76ba480ad 100644
--- a/util/cbfstool/fit.c
+++ b/util/cbfstool/fit.c
@@ -216,8 +216,8 @@ static int parse_microcode_blob(struct cbfs_image *image,
/* Proceed to next payload. */
current_offset += mcus[num_mcus].size;
- num_mcus++;
file_length -= mcus[num_mcus].size;
+ num_mcus++;
/* Reached limit of FIT entries. */
if (num_mcus == *total_mcus)