[coreboot] Patch set updated for coreboot: 9e8939d Fix Segmentation Fault in ifdtool

Stefan Reinauer (stefan.reinauer@coreboot.org) gerrit at coreboot.org
Wed Nov 7 20:04:20 CET 2012

Stefan Reinauer (stefan.reinauer at coreboot.org) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/1754


commit 9e8939db40a9b30e6f8d35e0405240c9a54ae919
Author: Stefan Reinauer <reinauer at chromium.org>
Date:   Tue Sep 25 13:30:48 2012 -0700

    Fix Segmentation Fault in ifdtool

    If a section is bigger than the FD file it is injected into, and the FD
    lies about the size of the FD file, ifdtool would crash because reading
    in the section writes beyond the FD file in memory.

    Change-Id: Idcfac2b1e2b5907fad34799e44a8abfd89190fcc
    Signed-off-by: Stefan Reinauer <reinauer at google.com>
 util/ifdtool/ifdtool.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/util/ifdtool/ifdtool.c b/util/ifdtool/ifdtool.c
index 1b418d1..1a8bf85 100644
--- a/util/ifdtool/ifdtool.c
+++ b/util/ifdtool/ifdtool.c
@@ -397,6 +397,12 @@ void inject_region(char *filename, char *image, int size, int region_type,
 		memset(image + region.base, 0xff, offset);
+	if (size < region.base + offset + region_size) {
+		fprintf(stderr, "Output file is too small. (%d < %d)\n",
+			size, region.base + offset + region_size);
+		exit(EXIT_FAILURE);
+	}
 	if (read(region_fd, image + region.base + offset, region_size)
 							!= region_size) {
 		perror("Could not read file");
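
Review bot: The new size check is placed after the context line `memset(image + region.base, 0xff, offset);`, so when region.base + offset already lies past the end of the image, that memset writes out of bounds before the check can reject the input. Move the check above the memset (or above the block containing it) so nothing is written into `image` until `region.base + offset + region_size` has been validated against `size`. The sum is printed with %d and compared against the int `size`, which suggests signed int arithmetic; values large enough to wrap the sum negative would pass `size < ...`, so consider rejecting negative terms individually and then comparing by subtraction, e.g. `region_size > size - region.base - offset`. The "Output file is too small" message could also include `region_type` so the user knows which region did not fit.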
