> The current efi_get_memory_map() function overwrites the map_size
> property before reading its value. That way the sanity check whether our
> memory map fits into the given array always succeeds, potentially
> overwriting arbitrary payload memory.
> 
> This patch moves the property update write after its sanity check, so
> that the check actually verifies the correct value.
> 
> So far this has not triggered any known bugs, but we're better off safe
> than sorry.
> 
> If the buffer is to small, the returned memory_map_size indicates the
> required size to the caller.
> 
> Signed-off-by: Stefan Brüns <stefan.bru...@rwth-aachen.de>
> Reviewed-by: Alexander Graf <ag...@suse.de>

Thanks, applied to 
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot

Reply via email to