cbfstool: Properly handle EOF in update_fit step

During the update_fit step, 'file_length' is used to determine how many bytes are left in the CBFS file. It was decremented in a loop from an array 'mcus[num_mcus].size', but 'num_mcus' was incremented right before. Since 'mcus' is memset(0) externally, 'file_length' was never decremented. The loop exited when it reached a dummy terminator, usually 48 bytes of 0 which are internationally added to microcode blobs in coreboot. However, if that terminator is removed, the loop doesn't stop and continues until it segfaults. Change-Id: I840727add69379ffef75b694d90402ed89769e3b Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-on: http://review.coreboot.org/4508 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin <adurbin@google.com>
2013-12-08 17:46:40 -06:00 · 2013-12-08 17:46:40 -06:00 · f87c20a00d
parent 691b313c28
commit f87c20a00d
1 changed files with 1 additions and 1 deletions
--- a/util/cbfstool/fit.c
+++ b/util/cbfstool/fit.c
@ -216,8 +216,8 @@ static int parse_microcode_blob(struct cbfs_image *image,

 		/* Proceed to next payload. */
 		current_offset += mcus[num_mcus].size;
-		num_mcus++;
 		file_length -= mcus[num_mcus].size;
+		num_mcus++;

 		/* Reached limit of FIT entries. */
 		if (num_mcus == *total_mcus)