Blame SOURCES/0035-devtree-Don-t-overrun-dimminfo-buffer.patch

From 54a9827172d4fb94447e81f598200c7d5d41db05 Mon Sep 17 00:00:00 2001
From: Jeremy Kerr <jk@ozlabs.org>
Date: Tue, 6 Sep 2016 13:32:03 +0800
Subject: [PATCH 35/43] devtree: Don't overrun dimminfo buffer
The SPD size fields report the total size of the SPD, but we're reading
into 128-bytes beyond the start of our spd buffer. So, we currently
overrun our stack-allocated dimminfo buffer.
This change takes account of the data we've already read.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
---
 src/core/device-tree.cc | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/core/device-tree.cc b/src/core/device-tree.cc
index 2d908d2..e286ab4 100644
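--- a/src/core/device-tree.cc
+++ b/src/core/device-tree.cc
@@ -763,6 +763,7 @@ static void add_memory_bank_spd(string path, hwNode & bank)
   unsigned char partno_offset;
   unsigned char ver_offset;
   int fd;
+  size_t len = 0;
   dimminfo_buf dimminfo;
 
   fd = open(path.c_str(), O_RDONLY);
@@ -778,11 +779,14 @@ static void add_memory_bank_spd(string path, hwNode & bank)
   /* Read entire SPD eeprom */
   if (dimminfo[2] >= 9) /* DDR3 */
   {
-    read(fd, &dimminfo[0x80], (64 << ((dimminfo[0] & 0x70) >> 4)));
+    len = 64 << ((dimminfo[0] & 0x70) >> 4);
   } else if (dimminfo[0] < 15) { /* DDR 2 */
-    read(fd, &dimminfo[0x80], (1 << (dimminfo[1])));
+    len = 1 << dimminfo[1];
   }
 
+  if (len > 0x80)
+    read(fd, &dimminfo[0x80], len - 0x80);
+
   close(fd);
 
   if (dimminfo[2] >= 9) {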
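Review bot: `len` is still taken straight from SPD bytes and is never compared with the size of `dimminfo`, so the new `read(fd, &dimminfo[0x80], len - 0x80)` in the second hunk is bounded only by what the EEPROM contents claim, not by the stack buffer. Clamping before the read, e.g. `if (len > sizeof(dimminfo)) len = sizeof(dimminfo);`, would keep a malformed or oversized SPD from writing past the buffer; the declaration of `dimminfo_buf` is outside the hunk, so this assumes it is an array type whose `sizeof` is its byte count. In the DDR2 branch `1 << dimminfo[1]` also has no range check on the shift count, which is undefined once that byte reaches the width of `int`. The return value of `read()` is still ignored, so a short or failed read leaves the tail of the buffer in its prior state while parsing continues. The body of add_memory_bank_spd starts and ends outside both hunks.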
-- 
2.10.2