Google Git
Sign in
android / platform / external / flashrom / 758e2fb4
commit758e2fb4579f1ec3a7bcdcbd943cd5e86726fcf2[log] [tgz]
authorDavid Hendricks <dhendrix@chromium.org>Tue Aug 19 20:34:43 2014 -0700
committerchrome-internal-fetch <chrome-internal-fetch@google.com>Fri Aug 22 05:47:47 2014 +0000
tree7051349f061af46119629b0b1fe0cbbb8d3dd69c
parent66a96497c0b57d6d57f09235f00d4ff84c4879e0 [diff]
Correct a potential buffer overrun in verify_range()

This moves the "chunksize" calculation that occurs when comparing
buffers to the beginning of the loop so it reflects the actual
number of bytes remaining after i is incremented. Rookie error.

This may have gone unnoticed for a long time since chunksize usually
divides the total length evenly, so the value of chunksize remained
the same for each iteration.

BUG=none
BRANCH=none
TEST=verify_read() no longer corrupts the read buffer on a wierdly
sized chunk.

Change-Id: I9b37fd237c94f7198c4ba0ce13171c8594f5dd09
Reviewed-on: https://chromium-review.googlesource.com/213232
Reviewed-by: Yung-chieh Lo <yjlou@chromium.org>
Tested-by: David Hendricks <dhendrix@chromium.org>
Commit-Queue: David Hendricks <dhendrix@chromium.org>
1 file changed
tree: 7051349f061af46119629b0b1fe0cbbb8d3dd69c
  1. Documentation/
  2. tests/
  3. util/
  4. .gitignore
  5. 82802ab.c
  6. a25.c
  7. arch.h
  8. at25.c
  9. atahpt.c
  10. big_lock.c
  11. big_lock.h
  12. bitbang_spi.c
  13. board_enable.c
  14. buspirate_spi.c
  15. cbtable.c
  16. chipdrivers.h
  17. chipset_enable.c
  18. cli_classic.c
  19. cli_mfg.c
  20. cli_output.c
  21. COPYING
  22. coreboot_tables.h
  23. cros_ec.c
  24. cros_ec.h
  25. cros_ec_commands.h
  26. cros_ec_dev.c
  27. cros_ec_dev.h
  28. cros_ec_i2c.c
  29. cros_ec_lock.c
  30. cros_ec_lock.h
  31. cros_ec_lpc.c
  32. csem.c
  33. csem.h
  34. dediprog.c
  35. dmi.c
  36. drkaiser.c
  37. dummyflasher.c
  38. ene_lpc.c
  39. fdtmap.c
  40. fdtmap.h
  41. file.c
  42. file.h
  43. flash.h
  44. flashchips.c
  45. flashchips.h
  46. flashrom.8
  47. flashrom.c
  48. fmap.c
  49. fmap.h
  50. ft2232_spi.c
  51. gfxnvidia.c
  52. hwaccess.c
  53. hwaccess.h
  54. ich_descriptors.c
  55. ich_descriptors.h
  56. ichspi.c
  57. internal.c
  58. ipc_lock.c
  59. ipc_lock.h
  60. it85spi.c
  61. it87spi.c
  62. jedec.c
  63. layout.c
  64. layout.h
  65. linux_i2c.c
  66. linux_spi.c
  67. locks.h
  68. m29f400bt.c
  69. Makefile
  70. mcp6x_spi.c
  71. mec1308.c
  72. nic3com.c
  73. nicintel.c
  74. nicintel_spi.c
  75. nicnatsemi.c
  76. nicrealtek.c
  77. ogp_spi.c
  78. opaque.c
  79. pcidev.c
  80. physmap.c
  81. pm49fl00x.c
  82. power.c
  83. power.h
  84. PRESUBMIT.cfg
  85. print.c
  86. print_wiki.c
  87. processor_enable.c
  88. programmer.c
  89. programmer.h
  90. rayer_spi.c
  91. README
  92. README.chromiumos
  93. s25fs.c
  94. satamv.c
  95. satasii.c
  96. sb600spi.c
  97. search.c
  98. search.h
  99. serial.c
  100. serprog.c
  101. sharplhf00l04.c
  102. spi.c
  103. spi.h
  104. spi25.c
  105. sst28sf040.c
  106. sst49lfxxxc.c
  107. sst_fwhub.c
  108. stm50flw0x0x.c
  109. udelay.c
  110. w29ee011.c
  111. w39.c
  112. wbsio_spi.c
  113. wpce775x.c
  114. writeprotect.c
  115. writeprotect.h