diff options
| author | Ye.Li <B37916@freescale.com> | 2014-07-09 17:49:07 +0800 |
|---|---|---|
| committer | Ye.Li <B37916@freescale.com> | 2014-07-09 18:05:06 +0800 |
| commit | 442529a6ff23016e7eb01f39c9fe3f51cda88234 (patch) | |
| tree | c78ae39bec620e07bbc8f8e42dd1f000fdfa2088 | |
| parent | 3695635d2f7d6e62ce555c684426aa36df2f6df6 (diff) | |
| download | u-boot-imx-442529a6ff23016e7eb01f39c9fe3f51cda88234.zip u-boot-imx-442529a6ff23016e7eb01f39c9fe3f51cda88234.tar.gz u-boot-imx-442529a6ff23016e7eb01f39c9fe3f51cda88234.tar.bz2 | |
ENGR00321577 iMX6:Android: Fixed memory overrun issue in do_booti
When booting from NAND, the memory copy to boothdr uses the size
of fastboot_boot_img_hdr structure which is actually larger than
boothdr size. This causes the u-boot heap corruption and failed
to allocate memory any more.
Signed-off-by: Ye.Li <B37916@freescale.com>
| -rw-r--r-- | common/cmd_fastboot.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/common/cmd_fastboot.c b/common/cmd_fastboot.c index a8ad8e2..d0a929d 100644 --- a/common/cmd_fastboot.c +++ b/common/cmd_fastboot.c @@ -1505,7 +1505,7 @@ bootimg_print_image_hdr(struct fastboot_boot_img_hdr *hdr) #endif } -static unsigned char boothdr[512] __aligned(ARCH_DMA_MINALIGN); +static struct fastboot_boot_img_hdr boothdr __aligned(ARCH_DMA_MINALIGN); #define ALIGN_SECTOR(n, pagesz) ((n + (pagesz - 1)) & (~(pagesz - 1))) @@ -1543,7 +1543,7 @@ int do_booti(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[]) unsigned addr = 0; char *ptn = "boot"; int mmcc = -1; - struct fastboot_boot_img_hdr *hdr = (void *)boothdr; + struct fastboot_boot_img_hdr *hdr = &boothdr; #ifdef CONFIG_SECURE_BOOT u_int32_t load_addr; uint32_t image_size; |