linux-sunxi/u-boot-sunxi
1
0
Fork 0
mirror of https://github.com/linux-sunxi/u-boot-sunxi.git synced 2024-02-12 11:16:03 +08:00
Code Issues Projects Releases Wiki Activity

FAT: buffer overflow with FAT12/16

Browse Source 
Last commit 3831530dcb was intended
"explicitly specify FAT12/16 root directory parsing buffer size, instead
of relying on cluster size". Howver, the underlying function requires
the size of the buffer in blocks, not in bytes, and instead of passing
a double sector size a request for 1024 blocks is sent. This generates
a buffer overflow with overwriting of other structure (in the case seen,
USB structures were overwritten).

Signed-off-by: Stefano Babic <sbabic@denx.de>
CC: Mikhail Zolotaryov <lebon@lebon.org.ua>
This commit is contained in:
Stefano Babic
2010-10-20 08:51:45 +02:00
committed by Wolfgang Denk
parent 70994c79ca
commit 11c8dd36ed
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
fs/fat/fat.c
View File

@ -858,7 +858,7 @@ do_fat_read (const char *filename, void *buffer, unsigned long maxsize,
if (disk_read(cursect,
(mydata->fatsize == 32) ?
(mydata->clust_size) :
LINEAR_PREFETCH_SIZE,
LINEAR_PREFETCH_SIZE / SECTOR_SIZE,
do_fat_read_block) < 0) {
debug("Error: reading rootdir block\n");
return -1;