leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity

PCI: Avoid accessing memory outside the ROM BAR

Browse Source 
pci_get_rom_size() accepts the base and size of the ROM BAR as arguments.
The byte at "rom + size" is the first byte *past* the ROM, so change ">" to
">=" to avoid accessing beyond the actual length of the ROM BAR.

Signed-off-by: Rex Zhu <Rex.Zhu@amd.com>
[bhelgaas: changelog]
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
This commit is contained in:
Rex Zhu 2018-06-05 09:46:45 +08:00 committed by Bjorn Helgaas
parent 11eb0e0e8d
commit 445ec321e7
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
drivers/pci/rom.c
View File

@ -106,7 +106,7 @@ size_t pci_get_rom_size(struct pci_dev *pdev, void __iomem *rom, size_t size)
length = readw(pds + 16); length = readw(pds + 16);
image += length * 512; image += length * 512;
/* Avoid iterating through memory outside the resource window */ /* Avoid iterating through memory outside the resource window */
if (image > rom + size) if (image >= rom + size)
break; break;
} while (length && !last_image); } while (length && !last_image);