From 54a9827172d4fb94447e81f598200c7d5d41db05 Mon Sep 17 00:00:00 2001 From: Jeremy Kerr Date: Tue, 6 Sep 2016 13:32:03 +0800 Subject: [PATCH 35/43] devtree: Don't overrun dimminfo buffer The SPD size fields report the total size of the SPD, but we're reading into 128-bytes beyond the start of our spd buffer. So, we currently overrung our stack-allocated dimminfo buffer. This change takes account of the data we've already read. Signed-off-by: Jeremy Kerr Signed-off-by: Vasant Hegde --- src/core/device-tree.cc | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/core/device-tree.cc b/src/core/device-tree.cc index 2d908d2..e286ab4 100644 --- a/src/core/device-tree.cc +++ b/src/core/device-tree.cc @@ -763,6 +763,7 @@ static void add_memory_bank_spd(string path, hwNode & bank) unsigned char partno_offset; unsigned char ver_offset; int fd; + size_t len = 0; dimminfo_buf dimminfo; fd = open(path.c_str(), O_RDONLY); @@ -778,11 +779,14 @@ static void add_memory_bank_spd(string path, hwNode & bank) /* Read entire SPD eeprom */ if (dimminfo[2] >= 9) /* DDR3 */ { - read(fd, &dimminfo[0x80], (64 << ((dimminfo[0] & 0x70) >> 4))); + len = 64 << ((dimminfo[0] & 0x70) >> 4); } else if (dimminfo[0] < 15) { /* DDR 2 */ - read(fd, &dimminfo[0x80], (1 << (dimminfo[1]))); + len = 1 << dimminfo[1]; } + if (len > 0x80) + read(fd, &dimminfo[0x80], len - 0x80); + close(fd); if (dimminfo[2] >= 9) { -- 2.10.2