On 28/06/16 13:34, Michael Brown wrote:
On 28/06/16 13:30, Laszlo Ersek wrote:
On 06/24/16 06:39, Gary Lin wrote:
It seems that iPXE didn't initialize Scope, so the value was assigned
randomly (sort of).
diff --git a/src/interface/efi/efi_hii.c b/src/interface/efi/efi_hii.c
index 0ea970e..4b5aa9a 100644
--- a/src/interface/efi/efi_hii.c
+++ b/src/interface/efi/efi_hii.c
@@ -119,6 +119,7 @@ static void * efi_ifr_op ( struct efi_ifr_builder
*ifr, unsigned int opcode,
/* Fill in opcode header */
op->OpCode = opcode;
op->Length = len;
+ op->Scope = 0;
return op;
}
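Review bot: zeroing only Scope fixes the reported symptom but leaves every other byte of the op that the caller does not set explicitly holding whatever the buffer already contained; the visible lines show that only OpCode, Length and now Scope are written here, so any further header or body field a caller forgets is still uninitialised. Clearing the whole `len` bytes of the new op before filling in the header (a single `memset ( op, 0, len );` ahead of `op->OpCode = opcode;`) would close the entire class rather than this one field.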
After applying this patch, the crash never happened again.
Awesome! Can you please send this patch to ipxe-devel? (Although I can
see Michael is on the address list anyway -- good!)
Got it; thank you!
Will check the related code; it may make sense to have efi_ifr_op()
always zero the whole of the newly allocated space first.
I think the following patch should fix the problem (and also avoid any
potential uninitialised-data problems in callers of efi_ifr_op()):
diff --git a/src/interface/efi/efi_hii.c b/src/interface/efi/efi_hii.c
index 0ea970e..506fc88 100644
--- a/src/interface/efi/efi_hii.c
+++ b/src/interface/efi/efi_hii.c
@@ -117,6 +117,7 @@ static void * efi_ifr_op ( struct efi_ifr_builder
*ifr, unsigned int opcode,
ifr->ops_len = new_ops_len;
/* Fill in opcode header */
+ memset ( op, 0, len );
op->OpCode = opcode;
op->Length = len;
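Review bot: the memset is placed correctly, before `op->OpCode` and `op->Length` are assigned, so the header fields survive the clear; the one thing to confirm is that `len` is the full size of the op (header plus body, the same value stored in `op->Length`) rather than just the header, otherwise body fields would remain uninitialised. A commit message naming the Scope symptom from the original report would also help anyone bisecting to this change later.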
Please let me know if this works.
Thanks!
Michael
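The defect discussed in this thread, as an added example that is not iPXE's or EDK2's code: a toy opcode builder appends an op into a growing buffer whose free space is pre-filled with 0xAA (a constructed stand-in for stale data; real uninitialised memory is not this predictable), once with only OpCode and Length written and once with the whole op cleared first, the way the second patch does. The struct layouts, the hypothetical `capacity` field, the `zero_fill` switch and the opcode number 0x0e are assumptions made for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy opcode header (assumption: a simplified stand-in for an IFR opcode
 * header, not iPXE's or EDK2's definition). */
struct ifr_op_header {
    uint8_t OpCode;
    uint8_t Length;  /* total op length, header and body */
    uint8_t Scope;   /* nonzero opens a nested scope */
};

/* Toy builder (assumption: 'capacity' is hypothetical, added so the free
 * space can be pre-filled with known stale bytes). */
struct ifr_builder {
    uint8_t *ops;
    size_t ops_len;
    size_t capacity;
};

/* Append an op of 'len' bytes and return a pointer to its header.
 * zero_fill == 0 models the original code: only OpCode and Length are
 * written and every other byte keeps whatever the buffer already held.
 * zero_fill != 0 models the memset fix from the thread. */
static struct ifr_op_header *ifr_op(struct ifr_builder *b, uint8_t opcode,
                                    size_t len, int zero_fill)
{
    size_t new_len = b->ops_len + len;
    struct ifr_op_header *op;

    if (len < sizeof(*op) || len > UINT8_MAX)
        return NULL;
    if (new_len > b->capacity) {
        size_t cap = b->capacity ? b->capacity : 64;
        uint8_t *p;
        while (cap < new_len)
            cap *= 2;
        p = realloc(b->ops, cap);   /* realloc never zeroes the new space */
        if (!p)
            return NULL;
        b->ops = p;
        b->capacity = cap;
    }
    op = (struct ifr_op_header *)(b->ops + b->ops_len);
    b->ops_len = new_len;
    if (zero_fill)
        memset(op, 0, len);         /* clear header and body before use */
    op->OpCode = opcode;
    op->Length = (uint8_t)len;
    return op;
}

/* Build one op into a buffer whose free space was filled with 0xAA
 * (constructed stale data), report the Scope byte a consumer would read
 * through *scope_out, and return how many bytes of the op beyond OpCode
 * and Length are nonzero. Returns -1 on allocation failure. */
int audit_op(int zero_fill, int *scope_out)
{
    struct ifr_builder b = { NULL, 0, 0 };
    struct ifr_op_header *op;
    const uint8_t *bytes;
    size_t i;
    int stale = 0;

    b.capacity = 64;
    b.ops = malloc(b.capacity);
    if (!b.ops)
        return -1;
    memset(b.ops, 0xAA, b.capacity);

    /* 0x0e is a constructed opcode number for the demo; 3-byte header + 5-byte body */
    op = ifr_op(&b, 0x0e, sizeof(*op) + 5, zero_fill);
    if (!op) {
        free(b.ops);
        return -1;
    }
    bytes = (const uint8_t *)op;
    for (i = 2; i < op->Length; i++)    /* skip OpCode and Length */
        if (bytes[i] != 0)
            stale++;
    if (scope_out)
        *scope_out = op->Scope;
    free(b.ops);
    return stale;
}

/* Convenience wrapper: the Scope value a consumer sees for the same op. */
int scope_seen(int zero_fill)
{
    int scope = -1;
    if (audit_op(zero_fill, &scope) < 0)
        return -1;
    return scope;
}

int main(void)
{
    int scope;
    int stale = audit_op(0, &scope);
    printf("without memset: %d stale bytes, Scope=0x%02x\n", stale, scope);
    stale = audit_op(1, &scope);
    printf("with memset:    %d stale bytes, Scope=0x%02x\n", stale, scope);
    return 0;
}
```

Without the clear the consumer reads Scope as 0xAA and every body byte is stale, which is exactly the "assigned randomly (sort of)" behaviour reported above; with the clear the op is fully defined regardless of what the caller fills in afterwards. The pre-poisoning is what makes the result reproducible here; in the real builder the contents depend on what `realloc` happens to hand back.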
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel