From c37b05c41339acbeee00bd65c13b8a97b16854ce Mon Sep 17 00:00:00 2001 From: Patrick Georgi Date: Mon, 11 Nov 2013 15:16:53 +0100 Subject: [PATCH] nvramtool: write size field more obviously The field wasn't initialized in RAM first and later overwritten in a somewhat twisted way (that relied on the size field coming after the tag field in the struct). Change-Id: Ibe931b297df51e3c46ae163e059338781f5a27e2 Found-by: Coverity Scan Signed-off-by: Patrick Georgi Reviewed-on: http://review.coreboot.org/4087 Reviewed-by: Stefan Reinauer Tested-by: build bot (Jenkins) --- util/nvramtool/accessors/layout-bin.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/util/nvramtool/accessors/layout-bin.c b/util/nvramtool/accessors/layout-bin.c index fd3e08cdf0..4b7f8d6558 100644 --- a/util/nvramtool/accessors/layout-bin.c +++ b/util/nvramtool/accessors/layout-bin.c @@ -112,6 +112,7 @@ int write_cmos_layout_bin(FILE *f) sum += sizeof(table); table.header_length = sizeof(table); table.tag = LB_TAG_CMOS_OPTION_TABLE; + table.size = 0; if (fwrite((char *)&table, sizeof(table), 1, f) != 1) { perror("Error writing image file"); @@ -187,12 +188,13 @@ int write_cmos_layout_bin(FILE *f) goto err; } - if (fseek(f, sizeof(table.tag), SEEK_SET) != 0) { + if (fseek(f, 0, SEEK_SET) != 0) { perror("Error while seeking"); goto err; } - if (fwrite((char *)&sum, sizeof(table.tag), 1, f) != 1) { + table.size = sum; + if (fwrite((char *)&table, sizeof(table), 1, f) != 1) { perror("Error writing image file"); goto err; }