diff options
author | Stefano Babic <sbabic@denx.de> | 2010-10-20 08:51:45 +0200 |
---|---|---|
committer | Wolfgang Denk <wd@denx.de> | 2010-10-20 09:14:38 +0200 |
commit | 11c8dd36edcc82564a19dbd0103302df66d66db0 (patch) | |
tree | b2e6607a5d313a9185d8c1f961b4a9f50a1c6a38 /common/image.c | |
parent | 70994c79caec0b0304aa87d9695c79f1862ea340 (diff) | |
download | u-boot-imx-11c8dd36edcc82564a19dbd0103302df66d66db0.zip u-boot-imx-11c8dd36edcc82564a19dbd0103302df66d66db0.tar.gz u-boot-imx-11c8dd36edcc82564a19dbd0103302df66d66db0.tar.bz2 |
FAT: buffer overflow with FAT12/16
Last commit 3831530dcb7b71329c272ccd6181f8038b6a6dd0a was intended
"explicitly specify FAT12/16 root directory parsing buffer size, instead
of relying on cluster size". Howver, the underlying function requires
the size of the buffer in blocks, not in bytes, and instead of passing
a double sector size a request for 1024 blocks is sent. This generates
a buffer overflow with overwriting of other structure (in the case seen,
USB structures were overwritten).
Signed-off-by: Stefano Babic <sbabic@denx.de>
CC: Mikhail Zolotaryov <lebon@lebon.org.ua>
Diffstat (limited to 'common/image.c')
0 files changed, 0 insertions, 0 deletions