Hi Björn,

could you please test the attached patch as well? It's the final fix I
hope to commit.
Thanks!

Regards,
Carl-Daniel
Index: flashrom-tmp1/layout.c
===================================================================
--- flashrom-tmp1/layout.c      (Revision 3407)
+++ flashrom-tmp1/layout.c      (Arbeitskopie)
@@ -21,6 +21,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <ctype.h>
 #include <stdint.h>
 #include "flash.h"
 
@@ -57,7 +58,18 @@
                walk--;
        }
 
-       if ((*walk) == 0 || ((*walk) & 0x3ff) != 0) {
+       /*
+        * Check if coreboot last image size is 0 or not a multiple of 1k or
+        * bigger than the chip or if the pointers to vendor ID or mainboard ID
+        * are outside the image of if the start of ID strings are nonsensical
+        * (nonprintable and not \0).
+        */
+       if ((*walk) == 0 || ((*walk) & 0x3ff) != 0 || *walk > size ||
+               *(walk - 1) > size || *(walk - 2) > size ||
+               (!isprint((const char *)(bios + size - *(walk - 1))) &&
+               ((const char *)(bios + size - *(walk - 1)))) ||
+               (!isprint((const char *)(bios + size - *(walk - 2))) &&
+               ((const char *)(bios + size - *(walk - 2))))) {
                printf("Flash image seems to be a legacy BIOS. Disabling 
checks.\n");
                mainboard_vendor = def_name;
                mainboard_part = def_name;
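Review bot: The new ID-string sanity check in the last four lines of the condition passes a pointer to isprint() instead of the byte it points at, and the `&& ((const char *)(...))` half tests whether that pointer is non-null — which it always is — rather than whether the byte is `\0`, so the check cannot do what the comment above it describes (and gcc will warn about the pointer-to-int conversion in the isprint() call). Each clause should dereference the byte and cast it for <ctype.h>, e.g. `(!isprint((unsigned char)bios[size - *(walk - 1)]) && bios[size - *(walk - 1)] != '\0')` and the same with `walk - 2`. The preceding bounds tests reject offsets greater than size but admit 0, which makes the dereference read `bios[size]`, one byte past the image; if a zero offset is not ruled out elsewhere, adding `*(walk - 1) == 0 || *(walk - 2) == 0 ||` before the isprint() clauses closes that. The function containing this condition starts before the hunk and the types of walk and size are not visible, so the signedness of the `> size` comparisons could not be checked here.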
-- 
coreboot mailing list
[email protected]
http://www.coreboot.org/mailman/listinfo/coreboot
