mirrors/sunxi-tools
0
0
Fork 0
mirror of https://github.com/linux-sunxi/sunxi-tools.git synced 2024-11-23 09:56:37 +08:00
Code Issues Packages Projects Releases Wiki Activity

fel: sid: fix stack overflow while reading from SID

Browse Source 
When reading from the SID device using the normal memory access method,
we upload our "readl" routine (via fel_readl_n()), which expects a number
of *words* to read. However length is given in *bytes*, so we read four
times as much, and overflow our key buffer, clobbering the return address.
This is typically fatal:
===============
$ ./sunxi-fel sid
02c05200:12345678:34567890:76543210
Segmentation fault (core dumped)
$
===============

Fix this by giving the number of (32-bit) words instead. We already
checked that length is a multiple of 4, so we can just divide.

Signed-off-by: Andre Przywara <osp@andrep.de>
This commit is contained in:
Andre Przywara 2023-11-03 00:58:04 +00:00 committed by Paul Kocialkowski
parent 91f9ccfc1a
commit fcb78657a2
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
fel_lib.c
View File

@ -623,7 +623,7 @@ int fel_read_sid(feldev_handle *dev, uint32_t *result,
else else
/* Read SID directly from memory */ /* Read SID directly from memory */
fel_readl_n(dev, soc->sid_base + soc->sid_offset + offset, fel_readl_n(dev, soc->sid_base + soc->sid_offset + offset,
result, length); result, length / 4);
return 0; return 0;
} }