[LinuxBIOS] [PATCH] romstream off-by-1

Roman Kononov kononov195-lbl at yahoo.com
Fri Feb 2 22:22:31 CET 2007


On 02/02/2007 10:57 AM, Stefan Reinauer wrote:
> I suggest comparing (rom + bytes - 1) > rom_end, because rom_end seems
> to be the logical border we're checking for.

(rom + bytes - 1 > rom_end) equals to (rom + bytes > rom_end + 1)
provided that
[rom,rom_end+1) does not cross 0x7fffffff+1 and ptrdiff_t is signed,
or
[rom,rom_end+1) does not corss 0xffffffff+1 and ptrdiff_t is unsigned.
In linuxbios, [rom,rom_end+1) crosses neither boundary.

Strictly speaking, an exception for the first statement is when
    ptrdiff_t is signed (which is our case);
    rom+bytes-1 does not overflow and is 0x7fffffff;
    rom+bytes does overflow and is 0x80000000;
    rom_end is, for example, 0xffff0000.
Then,
   (rom + bytes - 1 > rom_end) is true
   (rom + bytes > rom_end + 1) is false
For this to happen rom must be within
[0x00000000-0x7fffffff], which is impossible.

Any way, you flavor is attached.

Regards,

Signed-off-by: Roman Kononov <kononov195-lbl at yahoo.com>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: romstream.patch
Type: text/x-patch
Size: 457 bytes
Desc: not available
URL: <http://www.coreboot.org/pipermail/coreboot/attachments/20070202/40b42b43/attachment.patch>


More information about the coreboot mailing list