[coreboot] new cbfstool has an allocation bug of some sort

ron minnich rminnich at gmail.com
Thu Sep 17 02:08:37 CEST 2009


There is unquestionably a bug in the allocation in int
parse_elf_to_payload that is resulting in a trashed malloc arena.

I'm not quite sure I understand it yet but this happens: I have a filo
payload which has 47516 bytes of data in two segments. The code
parse_elf_to_payload computes the amount of memory to allocate and
computes 47628. But the code then goes on to overwrite 47676 bytes of
data. There is some simple calculation going wrong, staring me in the
face ... I don't see it yet, but one of you might.

The result is this:

*** glibc detected *** ./cbfs/cbfstool: malloc: top chunk is corrupt:
0x0000000000d4fd60 ***

I have fixed this for now: I allocate 1048576 more bytes than needed :-)

ron
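For the failure mode described above, a short added example (not cbfstool's code, and not the real payload layout): the size calculation and the writer share one bounded cursor, so a size that was computed too small produces an error return instead of a corrupted malloc arena. The 28-byte header, the terminating header and the two sample segments are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define HDR_SIZE 28u  /* assumed per-segment header size, not cbfstool's real layout */

struct segment { const uint8_t *data; uint32_t len; };
struct outbuf  { uint8_t *buf; size_t cap; size_t pos; };

/* Append n bytes only if they fit; otherwise report instead of overrunning. */
static int put(struct outbuf *o, const void *src, size_t n)
{
    if (n > o->cap - o->pos)
        return -1;
    memcpy(o->buf + o->pos, src, n);
    o->pos += n;
    return 0;
}

/* Bytes needed: one header per segment, one terminating header, plus data.
 * Overflow-checked so a bogus segment length cannot wrap the sum. */
size_t payload_size(const struct segment *s, size_t nseg)
{
    size_t total = (nseg + 1) * HDR_SIZE;
    for (size_t i = 0; i < nseg; i++) {
        if (s[i].len > SIZE_MAX - total)
            return 0;  /* would overflow size_t: treat as invalid */
        total += s[i].len;
    }
    return total;
}

/* Pack into a buffer of exactly cap bytes. Returns bytes written, or -1 if
 * the layout needs more than cap (the situation the report describes). */
long pack_payload(const struct segment *s, size_t nseg, uint8_t *buf, size_t cap)
{
    struct outbuf o = { buf, cap, 0 };
    uint8_t hdr[HDR_SIZE];
    for (size_t i = 0; i < nseg; i++) {
        memset(hdr, 0, sizeof hdr);
        memcpy(hdr, &s[i].len, sizeof s[i].len);   /* stand-in header: only the length */
        if (put(&o, hdr, sizeof hdr) || put(&o, s[i].data, s[i].len))
            return -1;
    }
    memset(hdr, 0xff, sizeof hdr);                 /* terminating header */
    if (put(&o, hdr, sizeof hdr))
        return -1;
    return (long)o.pos;
}

/* Constructed sample: two segments totalling 47516 data bytes, as in the report. */
static uint8_t seg_a[40000], seg_b[7516];
const struct segment sample[2] = { { seg_a, sizeof seg_a }, { seg_b, sizeof seg_b } };
```

With the assumed layout the sample needs 3 * 28 + 47516 = 47600 bytes; handing pack_payload a buffer one byte shorter returns -1 rather than writing past the allocation.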