Blame SOURCES/0035-devtree-Don-t-overrun-dimminfo-buffer.patch

From 54a9827172d4fb94447e81f598200c7d5d41db05 Mon Sep 17 00:00:00 2001
From: Jeremy Kerr <jk@ozlabs.org>
Date: Tue, 6 Sep 2016 13:32:03 +0800
Subject: [PATCH 35/43] devtree: Don't overrun dimminfo buffer
The SPD size fields report the total size of the SPD, but we're reading
into 128-bytes beyond the start of our spd buffer. So, we currently
overrun our stack-allocated dimminfo buffer.
This change takes account of the data we've already read.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
---
 src/core/device-tree.cc | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
99c779
diff --git a/src/core/device-tree.cc b/src/core/device-tree.cc
99c779
index 2d908d2..e286ab4 100644
99c779
--- a/src/core/device-tree.cc
99c779
+++ b/src/core/device-tree.cc
99c779
@@ -763,6 +763,7 @@ static void add_memory_bank_spd(string path, hwNode & bank)
99c779
   unsigned char partno_offset;
99c779
   unsigned char ver_offset;
99c779
   int fd;
99c779
+  size_t len = 0;
99c779
   dimminfo_buf dimminfo;
99c779
 
99c779
   fd = open(path.c_str(), O_RDONLY);
99c779
@@ -778,11 +779,14 @@ static void add_memory_bank_spd(string path, hwNode & bank)
99c779
   /* Read entire SPD eeprom */
99c779
   if (dimminfo[2] >= 9) /* DDR3 */
99c779
   {
99c779
-    read(fd, &dimminfo[0x80], (64 << ((dimminfo[0] & 0x70) >> 4)));
99c779
+    len = 64 << ((dimminfo[0] & 0x70) >> 4);
99c779
   } else if (dimminfo[0] < 15) { /* DDR 2 */
99c779
-    read(fd, &dimminfo[0x80], (1 << (dimminfo[1])));
99c779
+    len = 1 << dimminfo[1];
99c779
   }
99c779
 
99c779
+  if (len > 0x80)
99c779
+    read(fd, &dimminfo[0x80], len - 0x80);
99c779
+
99c779
   close(fd);
99c779
 
99c779
   if (dimminfo[2] >= 9) {
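Review bot: `len` is still taken straight from the SPD bytes and never compared with the size of `dimminfo`, so `read(fd, &dimminfo[0x80], len - 0x80)` can still write past the buffer when the EEPROM reports a large size; the DDR3 expression alone can reach 8192. The declaration of `dimminfo_buf` is outside the hunk, but if it is a fixed-size array, as "stack-allocated" in the commit message suggests, clamp before the read with `if (len > sizeof(dimminfo)) len = sizeof(dimminfo);`. On the DDR2 path `1 << dimminfo[1]` uses an unvalidated value as the shift count, which is undefined once it reaches the width of `int`, so reject out-of-range values before shifting. The return value of `read()` is also ignored, so a short read or an error leaves the tail of the buffer unset while the parsing that follows (outside this hunk) presumably still uses it. The body of `add_memory_bank_spd` begins and ends outside the hunk.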
-- 
2.10.2