summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorZhuo-Hao Lee <zhuo-hao.lee@intel.com>2014-12-24 11:13:34 +0800
committerAlexandru Gagniuc <mr.nuke.me@gmail.com>2015-01-20 14:14:08 +0100
commit29445dc44ee6bfb2617443e0faa985a93d9272f2 (patch)
treee73ade48bf5f2a69649d1f24579290f6e4d1b281 /src
parent7e72abef1b74e30fe9dcfe7dd1c90778388f15f3 (diff)
device/oprom/realmode/x86: Fix memory corruption
The length of the memcpy is incorrect and this will cause the destination buffer to corrupt the following 2 bytes of data. BUG=none BRANCH=All TEST=build and boot on rambi, system boot up without error Change-Id: I96adf2555b01aa35bb38a2e0f221fc2b2e87a41b Signed-off-by: Zhuo-Hao Lee <zhuo-hao.lee@intel.com> Reviewed-on: https://chromium-review.googlesource.com/237510 Reviewed-by: Ryan Lin <ryan.lin@intel.com> Reviewed-by: Duncan Laurie <dlaurie@chromium.org> [Remove usage of macro `FIELD_SIZEOF(t, f)`.] Signed-off-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-on: http://review.coreboot.org/8227 Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Tested-by: build bot (Jenkins)
Diffstat (limited to 'src')
-rw-r--r--src/device/oprom/realmode/x86.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/device/oprom/realmode/x86.c b/src/device/oprom/realmode/x86.c
index fc3c40c789..461cb06541 100644
--- a/src/device/oprom/realmode/x86.c
+++ b/src/device/oprom/realmode/x86.c
@@ -233,7 +233,7 @@ static u8 vbe_get_mode_info(vbe_mode_info_t * mi)
u16 buffer_adr = ((unsigned long)buffer) & 0xffff;
realmode_interrupt(0x10, VESA_GET_MODE_INFO, 0x0000,
mi->video_mode, 0x0000, buffer_seg, buffer_adr);
- memcpy(mi->mode_info_block, buffer, sizeof(vbe_mode_info_t));
+ memcpy(mi->mode_info_block, buffer, sizeof(mi->mode_info_block));
mode_info_valid = 1;
return 0;
}