summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRafał Miłecki <zajec5@gmail.com>2015-07-07 21:21:49 +0000
committerRafał Miłecki <zajec5@gmail.com>2015-07-07 21:21:49 +0000
commit9f158499108eae39555bc65d1abfd86bd0c65533 (patch)
treed4713ec6f154f1e844b3a77daebc190003bed193
parent08790c5ee8bfca46d0afe973e336e44e27e35a8c (diff)
downloadmtk-20170518-9f158499108eae39555bc65d1abfd86bd0c65533.zip
mtk-20170518-9f158499108eae39555bc65d1abfd86bd0c65533.tar.gz
mtk-20170518-9f158499108eae39555bc65d1abfd86bd0c65533.tar.bz2
nvram: fix "Segmentation fault" caused by setting memory out of buffer
Some MTD partitions with NVRAM have content starting in the middle. In such case offset is set and nvram_header returns pointer to the middle. It means we have to respect offset when calculating remaining space. By the way use real MTD partition size (nvram_part_size variable) as we may want to bump NVRAM_SPACE in the (very near) future. Signed-off-by: Rafał Miłecki <zajec5@gmail.com> SVN-Revision: 46251
-rw-r--r--package/utils/nvram/src/nvram.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/package/utils/nvram/src/nvram.c b/package/utils/nvram/src/nvram.c
index c4bcb1d..c490597 100644
--- a/package/utils/nvram/src/nvram.c
+++ b/package/utils/nvram/src/nvram.c
@@ -286,11 +286,11 @@ int nvram_commit(nvram_handle_t *h)
/* Clear data area */
ptr = (char *) header + sizeof(nvram_header_t);
- memset(ptr, 0xFF, NVRAM_SPACE - sizeof(nvram_header_t));
+ memset(ptr, 0xFF, nvram_part_size - h->offset - sizeof(nvram_header_t));
memset(&tmp, 0, sizeof(nvram_header_t));
/* Leave space for a double NUL at the end */
- end = (char *) header + NVRAM_SPACE - 2;
+ end = (char *) header + nvram_part_size - h->offset - 2;
/* Write out all tuples */
for (i = 0; i < NVRAM_ARRAYSIZE(h->nvram_hash); i++) {