diff options
author | Alexandru Gagniuc <mr.nuke.me@gmail.com> | 2013-12-08 17:46:40 -0600 |
---|---|---|
committer | Alexandru Gagniuc <mr.nuke.me@gmail.com> | 2013-12-09 17:34:25 +0100 |
commit | f87c20a00dca412ad8fa255ef38fd954762afa4b (patch) | |
tree | d2652e1d287cc51f02f7831c97a789f569eeb534 | |
parent | 691b313c2807a5e9d293e9a520f951ea1319bb8f (diff) | |
download | coreboot-f87c20a00dca412ad8fa255ef38fd954762afa4b.tar.xz |
cbfstool: Properly handle EOF in update_fit step
During the update_fit step, 'file_length' is used to determine how many
bytes are left in the CBFS file. It was decremented in a loop from an
array 'mcus[num_mcus].size', but 'num_mcus' was incremented right before.
Since 'mcus' is memset(0) externally, 'file_length' was never decremented.
The loop exited when it reached a dummy terminator, usually 48 bytes of 0
which are internationally added to microcode blobs in coreboot. However,
if that terminator is removed, the loop doesn't stop and continues until
it segfaults.
Change-Id: I840727add69379ffef75b694d90402ed89769e3b
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-on: http://review.coreboot.org/4508
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin <adurbin@google.com>
-rw-r--r-- | util/cbfstool/fit.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/util/cbfstool/fit.c b/util/cbfstool/fit.c index 02cfaee21d..c76ba480ad 100644 --- a/util/cbfstool/fit.c +++ b/util/cbfstool/fit.c @@ -216,8 +216,8 @@ static int parse_microcode_blob(struct cbfs_image *image, /* Proceed to next payload. */ current_offset += mcus[num_mcus].size; - num_mcus++; file_length -= mcus[num_mcus].size; + num_mcus++; /* Reached limit of FIT entries. */ if (num_mcus == *total_mcus) |