Fix access to mem_rsrv in kexec/arch/ppc64/fs2dt.c:reserve()
* Make sure that mem_rsrv is initilised as 0 terminated
* Make sure that mem_rsrv is not overrun when new elements are added.
Signed-off-by: Simon Horman <[EMAIL PROTECTED]>
Index: kexec-tools-testing/kexec/arch/ppc64/fs2dt.c
===================================================================
--- kexec-tools-testing.orig/kexec/arch/ppc64/fs2dt.c 2006-12-08
16:59:39.000000000 +0900
+++ kexec-tools-testing/kexec/arch/ppc64/fs2dt.c 2006-12-08
17:05:13.000000000 +0900
@@ -60,7 +60,7 @@
static char pathname[MAXPATH], *pathstart;
static char propnames[NAMESPACE] = { 0 };
static unsigned dtstruct[TREEWORDS], *dt;
-static unsigned long long mem_rsrv[2*MEMRESERVE];
+static unsigned long long mem_rsrv[2*MEMRESERVE] = { 0, 0 };
static int initrd_found = 0;
static int crash_param = 0;
@@ -72,15 +72,17 @@
void reserve(unsigned long long where, unsigned long long length)
{
- unsigned long long *mr;
+ size_t offset;
- mr = mem_rsrv;
+ for (offset = 0; mem_rsrv[offset + 1]; offset += 2)
+ ;
- while(mr[1])
- mr += 2;
+ if (offset + 4 >= 2 * MEMRESERVE)
+ err("exhasuted reservation meta data", ERR_RESERVE);
- mr[0] = where;
- mr[1] = length;
+ mem_rsrv[offset] = where;
+ mem_rsrv[offset + 1] = length;
+ mem_rsrv[offset + 3] = 0; /* N.B: don't care about offset + 2 */
}
/* look for properties we need to reserve memory space for */
--
--
Horms
H: http://www.vergenet.net/~horms/
W: http://www.valinux.co.jp/en/
_______________________________________________
fastboot mailing list
[email protected]
https://lists.osdl.org/mailman/listinfo/fastboot
