KumiSystems/openwrtv3
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

nvram: fix "Segmentation fault" caused by setting memory out of buffer

Browse source 
Some MTD partitions with NVRAM have content starting in the middle. In
such case offset is set and nvram_header returns pointer to the middle.
It means we have to respect offset when calculating remaining space.

By the way use real MTD partition size (nvram_part_size variable) as we
may want to bump NVRAM_SPACE in the (very near) future.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

SVN-Revision: 46251
This commit is contained in:
Rafał Miłecki 2015-07-07 21:21:49 +00:00
parent 08790c5ee8
commit 9f15849910
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
package/utils/nvram/src/nvram.c
View file

@ -286,11 +286,11 @@ int nvram_commit(nvram_handle_t *h)
/* Clear data area */ /* Clear data area */
ptr = (char *) header + sizeof(nvram_header_t); ptr = (char *) header + sizeof(nvram_header_t);
memset(ptr, 0xFF, NVRAM_SPACE - sizeof(nvram_header_t)); memset(ptr, 0xFF, nvram_part_size - h->offset - sizeof(nvram_header_t));
memset(&tmp, 0, sizeof(nvram_header_t)); memset(&tmp, 0, sizeof(nvram_header_t));
/* Leave space for a double NUL at the end */ /* Leave space for a double NUL at the end */
end = (char *) header + NVRAM_SPACE - 2; end = (char *) header + nvram_part_size - h->offset - 2;
/* Write out all tuples */ /* Write out all tuples */
for (i = 0; i < NVRAM_ARRAYSIZE(h->nvram_hash); i++) { for (i = 0; i < NVRAM_ARRAYSIZE(h->nvram_hash); i++) {