[LinuxBIOS] [PATCH] v3: lar header walk off-by-one

Carl-Daniel Hailfinger c-d.hailfinger.devel.2006 at gmx.net
Wed Sep 26 18:01:10 CEST 2007


OK, this patch is not for the weak of heart because it touches some logic
we had lots of problems with in the past.
Basically, the lar archive header walk will not see a header at the end
of the archive if nothing is after that header. However, since a file
with zero size is a legal lar member, we really can't forbid looking at
a header terminating the archive.

Signed-off-by: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006 at gmx.net>

Index: LinuxBIOSv3/lib/lar.c
===================================================================
--- LinuxBIOSv3/lib/lar.c	(Revision 501)
+++ LinuxBIOSv3/lib/lar.c	(Arbeitskopie)
@@ -90,7 +90,7 @@
 	  * Unsigned pointer arithmetic that wraps to zero can be messy.
 	  */
 	for (walk = archive->start;
-	     (walk < (char *)(archive->start + archive->len - sizeof(struct lar_header))) && 
+	     (walk <= (char *)(archive->start + archive->len - sizeof(struct lar_header))) && 
 			(walk >= (char *)archive->start); walk += 16) {
 		if (strncmp(walk, MAGIC, 8) != 0)
 			continue;
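
Review bot: The relaxed bound in the `for` condition (`walk <= ... - sizeof(struct lar_header)`) now accepts a header occupying the final bytes of the archive, which the description justifies only for a zero-size member, yet nothing in the visible context checks that such a header really declares zero size or that its data stays inside `archive->start + archive->len`. Please confirm the loop body rejects a terminal header whose size fields point past the end of the archive, or add that check alongside this change. The upper bound also assumes `archive->len >= sizeof(struct lar_header)`; since the comment above the loop already warns about wrapping arithmetic, an explicit guard before the loop would make that assumption visible. Minor: the changed line keeps the trailing whitespace after `&&`.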





