diff options
author | Marshall Dawson <marshalldawson3rd@gmail.com> | 2017-07-19 16:14:03 -0600 |
---|---|---|
committer | Julius Werner <jwerner@chromium.org> | 2017-07-20 21:38:14 +0000 |
commit | 148a7a60d81875863f45572e5cdbd619c1d4aa98 (patch) | |
tree | 44ac994b0210b1c3ae90c89c858cfab3da30214b /payloads/libpayload/libc | |
parent | 65943e1670ebc2bd7717730acfb1137a6f5fe09f (diff) |
libpayload: Fix unaligned buffer logic in default_memset
Fix an issue when setting an unaligned buffer where n is less
than the difference of the rounded up pointer and the pointer.
This was identified where n=1 was passed. n was decremented
once, as expected, then decremented again after the while()
evaluated to false. This resulted in a new n of 4GB.
Change-Id: I862671bbe7efa8d370d0148e22ea55407e260053
Signed-off-by: Marshall Dawson <marshalldawson3rd@gmail.com>
Reviewed-on: https://review.coreboot.org/20655
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Marc Jones <marc@marcjonesconsulting.com>
Diffstat (limited to 'payloads/libpayload/libc')
-rw-r--r-- | payloads/libpayload/libc/memory.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/payloads/libpayload/libc/memory.c b/payloads/libpayload/libc/memory.c index 2c44764edb..8d0172cc44 100644 --- a/payloads/libpayload/libc/memory.c +++ b/payloads/libpayload/libc/memory.c @@ -41,8 +41,10 @@ static void *default_memset(void *s, int c, size_t n) u8 *p = s; s = (void *)ALIGN_UP((uintptr_t)s, sizeof(unsigned long)); - while (p != (u8 *)s && n--) + while (p != (u8 *)s && n) { *p++ = c; + n--; + } for (i = 1; i < sizeof(unsigned long); i <<= 1) w = (w << (i * 8)) | w; |