[Skiboot] [PATCH] pflash: fix buffer overflow: fl_total_size uint32_t not uint64_t

Stewart Smith stewart at linux.vnet.ibm.com
Fri Sep 2 16:27:47 AEST 2016


Stewart Smith <stewart at linux.vnet.ibm.com> writes:
> This ends up being a harmless bug due to memory layout.
>
> $ ./pflash -F ~/op-build/output/images/firestone.pnor -i
> ==31829==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00000062f080 at pc 0x410226 bp 0x7ffedba9c950 sp 0x7ffedba9c948
> WRITE of size 8 at 0x00000062f080 thread T0
>     #0 0x410225 in file_get_info (/home/stewart/skiboot/external/pflash/pflash+0x410225)
>     #1 0x40d832 in blocklevel_get_info (/home/stewart/skiboot/external/pflash/pflash+0x40d832)
>     #2 0x401f0c in main (/home/stewart/skiboot/external/pflash/pflash+0x401f0c)
>     #3 0x7fc77439ab44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
>     #4 0x403884 (/home/stewart/skiboot/external/pflash/pflash+0x403884)
>
> Signed-off-by: Stewart Smith <stewart at linux.vnet.ibm.com>
> ---
>  external/pflash/pflash.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)

Merged to master as of 7bf89d68b8dd3b12d4540e9901f9d5ed325cf94d

-- 
Stewart Smith
OPAL Architect, IBM.
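The bug class from the quoted commit message, as an added example that is not skiboot's own code: a callee stores 8 bytes through a uint64_t out-parameter while the caller's global used to be declared uint32_t, which is exactly the "WRITE of size 8" ASan flagged. The flash_dev struct, the device values and the file_get_info signature here are constructed stand-ins, not pflash's real definitions.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed stand-in for a flash device description. */
struct flash_dev {
    const char *name;
    uint64_t size_bytes;     /* total flash size */
    uint32_t erase_granule;  /* erase block size */
};

/* The callee writes 8 bytes through total_size, so the caller's
 * variable must be a full uint64_t. (Hypothetical signature.) */
static int file_get_info(const struct flash_dev *dev, const char **name,
                         uint64_t *total_size, uint32_t *erase_granule)
{
    if (!dev)
        return -1;
    if (name)
        *name = dev->name;
    if (total_size)
        *total_size = dev->size_bytes;   /* the WRITE of size 8 */
    if (erase_granule)
        *erase_granule = dev->erase_granule;
    return 0;
}

/* Before the fix this global was "static uint32_t fl_total_size;", so the
 * 8-byte store above spilled 4 bytes into whatever global followed it.
 * That only looked harmless because of the linker's layout; ASan reported
 * it as a global-buffer-overflow. Declaring it uint64_t is the fix. */
static uint64_t fl_total_size;
static uint32_t fl_erase_granule;

/* Compile-time guard so the out-parameter can never be narrowed again. */
_Static_assert(sizeof(fl_total_size) == sizeof(uint64_t),
               "fl_total_size must match the width file_get_info writes");

/* Mirrors the pflash call path: query the device, return the total size.
 * The 64 MiB / 64 KiB values are constructed sample data. */
uint64_t query_total_size(void)
{
    const struct flash_dev dev = { "firestone.pnor", 64u << 20, 64u << 10 };
    const char *name = NULL;
    if (file_get_info(&dev, &name, &fl_total_size, &fl_erase_granule) != 0)
        return 0;
    return fl_total_size;
}

uint32_t query_erase_granule(void) { return fl_erase_granule; }
```

Building with -fsanitize=address and the old uint32_t declaration (with the pointer cast that silences the compiler) reproduces the quoted report; with the uint64_t declaration the same run is clean.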
