device/oprom/realmode/x86: Fix memory corruption

The length of the memcpy is incorrect and this will cause the destination buffer to corrupt the following 2 bytes of data. BUG=none BRANCH=All TEST=build and boot on rambi, system boot up without error Change-Id: I96adf2555b01aa35bb38a2e0f221fc2b2e87a41b Signed-off-by: Zhuo-Hao Lee <zhuo-hao.lee@intel.com> Reviewed-on: https://chromium-review.googlesource.com/237510 Reviewed-by: Ryan Lin <ryan.lin@intel.com> Reviewed-by: Duncan Laurie <dlaurie@chromium.org> [Remove usage of macro `FIELD_SIZEOF(t, f)`.] Signed-off-by: Paul Menzel <paulepanter@users.sourceforge.net> Reviewed-on: http://review.coreboot.org/8227 Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Tested-by: build bot (Jenkins)
2014-12-24 11:13:34 +08:00 · 2014-12-24 11:13:34 +08:00 · 29445dc44e
parent 7e72abef1b
commit 29445dc44e
1 changed files with 1 additions and 1 deletions
--- a/src/device/oprom/realmode/x86.c
+++ b/src/device/oprom/realmode/x86.c
@ -233,7 +233,7 @@ static u8 vbe_get_mode_info(vbe_mode_info_t * mi)
 	u16 buffer_adr = ((unsigned long)buffer) & 0xffff;
 	realmode_interrupt(0x10, VESA_GET_MODE_INFO, 0x0000,
 			mi->video_mode, 0x0000, buffer_seg, buffer_adr);
-	memcpy(mi->mode_info_block, buffer, sizeof(vbe_mode_info_t));
+	memcpy(mi->mode_info_block, buffer, sizeof(mi->mode_info_block));
 	mode_info_valid = 1;
 	return 0;
 }