summaryrefslogtreecommitdiff
path: root/payloads/libpayload/libc
diff options
context:
space:
mode:
authorMarshall Dawson <marshalldawson3rd@gmail.com>2017-07-19 16:14:03 -0600
committerJulius Werner <jwerner@chromium.org>2017-07-20 21:38:14 +0000
commit148a7a60d81875863f45572e5cdbd619c1d4aa98 (patch)
tree44ac994b0210b1c3ae90c89c858cfab3da30214b /payloads/libpayload/libc
parent65943e1670ebc2bd7717730acfb1137a6f5fe09f (diff)
libpayload: Fix unaligned buffer logic in default_memset
Fix an issue when setting an unaligned buffer where n is less than the difference of the rounded up pointer and the pointer. This was identified where n=1 was passed. n was decremented once, as expected, then decremented again after the while() evaluated to false. This resulted in a new n of 4GB. Change-Id: I862671bbe7efa8d370d0148e22ea55407e260053 Signed-off-by: Marshall Dawson <marshalldawson3rd@gmail.com> Reviewed-on: https://review.coreboot.org/20655 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Julius Werner <jwerner@chromium.org> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-by: Marc Jones <marc@marcjonesconsulting.com>
Diffstat (limited to 'payloads/libpayload/libc')
-rw-r--r--payloads/libpayload/libc/memory.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/payloads/libpayload/libc/memory.c b/payloads/libpayload/libc/memory.c
index 2c44764edb..8d0172cc44 100644
--- a/payloads/libpayload/libc/memory.c
+++ b/payloads/libpayload/libc/memory.c
@@ -41,8 +41,10 @@ static void *default_memset(void *s, int c, size_t n)
u8 *p = s;
s = (void *)ALIGN_UP((uintptr_t)s, sizeof(unsigned long));
- while (p != (u8 *)s && n--)
+ while (p != (u8 *)s && n) {
*p++ = c;
+ n--;
+ }
for (i = 1; i < sizeof(unsigned long); i <<= 1)
w = (w << (i * 8)) | w;