forked from Minki/linux
PCI: Avoid accessing memory outside the ROM BAR
pci_get_rom_size() accepts the base and size of the ROM BAR as arguments. The byte at "rom + size" is the first byte *past* the ROM, so change ">" to ">=" to avoid accessing beyond the actual length of the ROM BAR. Signed-off-by: Rex Zhu <Rex.Zhu@amd.com> [bhelgaas: changelog] Signed-off-by: Bjorn Helgaas <bhelgaas@google.com> Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
This commit is contained in:
parent
11eb0e0e8d
commit
445ec321e7
@ -106,7 +106,7 @@ size_t pci_get_rom_size(struct pci_dev *pdev, void __iomem *rom, size_t size)
|
||||
length = readw(pds + 16);
|
||||
image += length * 512;
|
||||
/* Avoid iterating through memory outside the resource window */
|
||||
if (image > rom + size)
|
||||
if (image >= rom + size)
|
||||
break;
|
||||
} while (length && !last_image);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user