Re: [PATCH 1/7] xyz-modem: Fix crash after cancelling transfer

2021-09-03 Thread Tom Rini
On Tue, Aug 03, 2021 at 04:28:38PM +0200, Pali Rohár wrote:
> Variable xyz.len is set to -1 on error. At the end xyzModem_stream_read()
> function calls memcpy() with length from variable xyz.len. If this variable
> is set to -1 then value passed to memcpy is cast to unsigned value, which
>

Re: [PATCH 1/7] xyz-modem: Fix crash after cancelling transfer

2021-08-04 Thread Heinrich Schuchardt
On 03.08.21 16:28, Pali Rohár wrote: Variable xyz.len is set to -1 on error. At the end xyzModem_stream_read() function calls memcpy() with length from variable xyz.len. If this variable is set to -1 then value passed to memcpy is cast to unsigned value, which means to copy whole address

[PATCH 1/7] xyz-modem: Fix crash after cancelling transfer

2021-08-03 Thread Pali Rohár
Variable xyz.len is set to -1 on error. At the end xyzModem_stream_read() function calls memcpy() with length from variable xyz.len. If this variable is set to -1 then value passed to memcpy is cast to unsigned value, which means to copy whole address space. Which then causes U-Boot crash. E.g.