From 0c3929092d13cf12d6b9383f057e663b6334ee04 Mon Sep 17 00:00:00 2001
From: Duncan Laurie <dlaurie@chromium.org>
Date: Tue, 23 Oct 2012 18:04:43 +0000
Subject: x86: Fix off-by-one error in do_elf_reloc_fixups()

The use of post-increment with a do-while loop results in
the loop going one step too far when handling relocation fixups.

In about 1/100 cases this would cause it to hang.

Signed-off-by: Duncan Laurie <dlaurie@chromium.org>
Signed-off-by: Simon Glass <sjg@chromium.org>
---
 arch/x86/lib/relocate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'arch/x86/lib/relocate.c')

diff --git a/arch/x86/lib/relocate.c b/arch/x86/lib/relocate.c
index 200baab..c0b9b29 100644
--- a/arch/x86/lib/relocate.c
+++ b/arch/x86/lib/relocate.c
@@ -85,7 +85,7 @@ int do_elf_reloc_fixups(void)
 				*offset_ptr_ram += gd->reloc_off;
 			}
 		}
-	} while (re_src++ < re_end);
+	} while (++re_src < re_end);
 
 	return 0;
 }
-- 
cgit v1.1


From 842d33874fddd8b6d2005987c53d05958985441a Mon Sep 17 00:00:00 2001
From: Gabe Black <gabeblack@chromium.org>
Date: Sat, 3 Nov 2012 11:41:25 +0000
Subject: x86: Make the upper bound on relocated symbols closed instead of open

This seems to be a bug.

Signed-off-by: Simon Glass <sjg@chromium.org>
---
 arch/x86/lib/relocate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'arch/x86/lib/relocate.c')

diff --git a/arch/x86/lib/relocate.c b/arch/x86/lib/relocate.c
index c0b9b29..23edca9 100644
--- a/arch/x86/lib/relocate.c
+++ b/arch/x86/lib/relocate.c
@@ -80,7 +80,7 @@ int do_elf_reloc_fixups(void)
 
 			/* Check that the target points into .text */
 			if (*offset_ptr_ram >= CONFIG_SYS_TEXT_BASE &&
-					*offset_ptr_ram <
+					*offset_ptr_ram <=
 					(CONFIG_SYS_TEXT_BASE + size)) {
 				*offset_ptr_ram += gd->reloc_off;
 			}
-- 
cgit v1.1