brain-hackers_pepepper-mirror
/
u-boot-brain
mirror of https://github.com/brain-hackers/u-boot-brain
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

net: cortina_ni: buffer overrun 

When copying to a u32 field we should use sizeof(u32) and not
sizeof(*u32) in memcpy.

On 64bit systems like cortina_presidio-asic-emmc_defconfig using
sizeof(*u32) leads to a buffer overrun.

Fixes: febe13b438 ("net: cortina_ni: Add eth support for Cortina Access CAxxxx SoCs")
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Reviewed-By: Ramon Fried <rfried.dev@gmail.com>
This commit is contained in:
Heinrich Schuchardt 2021-02-20 10:44:04 +01:00 committed by Tom Rini
parent 6b0431dc21
commit df88a0e5cd
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
drivers/net/cortina_ni.c
View File

@ -713,7 +713,7 @@ static int cortina_eth_recv(struct udevice *dev, int flags, uchar **packetp)
priv->rx_xram_end_adr);
memcpy(&packet_status, rx_xram_ptr,
sizeof(rx_xram_ptr));
sizeof(*rx_xram_ptr));
if (packet_status.valid == 0) {
debug("%s: Invalid Packet !!, ", __func__);
debug("next_link=%d\n", next_link);