author | Andre Przywara <osp@andrep.de> | 2023-11-03 03:58:04 +0300 |
---|---|---|
committer | Paul Kocialkowski <contact@paulk.fr> | 2023-11-03 18:24:51 +0300 |
commit | fcb78657a22229e7edd3a144a346a2286b0c8702 (patch) | |
tree | 99b249dac5ddd5ea1078d2b69396ca5d107ba042 | |
parent | 91f9ccfc1a64af988d4135ea4e4ee3374cd79d66 (diff) |
fel: sid: fix stack overflow while reading from SID
When reading from the SID device using the normal memory access method,
we upload our "readl" routine (via fel_readl_n()), which expects a number
of *words* to read. However length is given in *bytes*, so we read four
times as much, and overflow our key buffer, clobbering the return address.
This is typically fatal:
===============
$ ./sunxi-fel sid
02c05200:12345678:34567890:76543210
Segmentation fault (core dumped)
$
===============
Fix this by giving the number of (32-bit) words instead. We already
checked that length is a multiple of 4, so we can just divide.
Signed-off-by: Andre Przywara <osp@andrep.de>
-rw-r--r-- | fel_lib.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -623,7 +623,7 @@ int fel_read_sid(feldev_handle *dev, uint32_t *result, else /* Read SID directly from memory */ fel_readl_n(dev, soc->sid_base + soc->sid_offset + offset, - result, length); + result, length / 4); return 0; } |
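Review bot: the `length / 4` passed to fel_readl_n() is only correct when length is a multiple of 4, and the check the commit message relies on is outside this hunk, so the call site gives no hint of the byte-versus-word mismatch that caused the overflow. Consider a short comment above the call, for example `/* length is in bytes, fel_readl_n() takes a count of 32-bit words */`, or a named local for the word count, so the unit conversion is not silently undone by a later edit. Since this is the `else` branch, it is also worth confirming that the branch before it, not shown here, hands length to its callee in the unit that callee expects.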