From: Kees Cook Date: Fri, 16 Aug 2013 14:59:16 +0000 (-0700) Subject: bootm: allow correct bounds-check of destination X-Git-Tag: v2013.10-rc3~29 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=315c0ace7c220591a9b220ab7698e85624b430c0;p=kernel%2Fu-boot.git bootm: allow correct bounds-check of destination While nothing presently examines the destination size, it should at least be correct so that future users of sys_mapmem() will not be surprised. Without this, it might be possible to overflow memory. Signed-off-by: Kees Cook Acked-by: Simon Glass --- diff --git a/common/cmd_bootm.c b/common/cmd_bootm.c index 2dd2642..b07b0f4 100644 --- a/common/cmd_bootm.c +++ b/common/cmd_bootm.c @@ -368,7 +368,7 @@ static int bootm_load_os(bootm_headers_t *images, unsigned long *load_end, const char *type_name = genimg_get_type_name(os.type); - load_buf = map_sysmem(load, image_len); + load_buf = map_sysmem(load, unc_len); image_buf = map_sysmem(image_start, image_len); switch (comp) { case IH_COMP_NONE: