On Wed, Nov 11, 2009 at 4:06 PM, Peter Stuge <pe...@stuge.se> wrote: > Myles Watson wrote: >> How about this: >> >> Index: src/arch/i386/boot/coreboot_table.c >> =================================================================== >> --- src/arch/i386/boot/coreboot_table.c (revision 4931) >> +++ src/arch/i386/boot/coreboot_table.c (working copy) >> @@ -485,11 +485,10 @@ >> >> #if (CONFIG_HAVE_OPTION_TABLE == 1) >> { >> - struct lb_record *rec_dest, *rec_src; >> - /* Write the option config table... */ >> + struct lb_record *rec_dest; >> + /* Copy the option config table, it's already a lb_record... */ >> rec_dest = lb_new_record(head); >> - rec_src = (struct lb_record *)(void *)&option_table; >> - memcpy(rec_dest, rec_src, rec_src->size); >> + memcpy(rec_dest, &option_table, sizeof(option_table)); > > It is completely unclear to me why it is safe to write beyond the > struct lb_record lb_record is just the header. The data follows it, but isn't a member of the struct.
> (maybe it is an elaborate side-effect of the call to > lb_new_record()?) I think lb_new_record uses the size to find the next header location. Is that what you meant? > Acked-by: Peter Stuge <pe...@stuge.se> Rev 4935. Thanks, Myles -- coreboot mailing list: coreboot@coreboot.org http://www.coreboot.org/mailman/listinfo/coreboot