On Mon, Jul 24, 2023 at 10:52 PM Simon Glass <s...@chromium.org> wrote: > > This is copying beyond the end of the destination buffer. Correct the code > by using a constant for the buffer size. > > This long-standing bug prevents virtio bootdevs working correctly on > qemu-x86 at present.
Nice catch!
>
> Signed-off-by: Simon Glass <s...@chromium.org>
> Fixes: 0ca2426beae ("x86: Add support for running option ROMs natively")
> ---
>
> arch/x86/lib/bios.c | 2 +-
> include/vesa.h | 4 +++-
> 2 files changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/lib/bios.c b/arch/x86/lib/bios.c
> index e29cae78e509..3a9d7f5ddd41 100644
> --- a/arch/x86/lib/bios.c
> +++ b/arch/x86/lib/bios.c
> @@ -204,7 +204,7 @@ static u8 vbe_get_mode_info(struct vesa_state *mi)
>
> realmode_interrupt(0x10, VESA_GET_MODE_INFO, 0x0000, mi->video_mode,
> 0x0000, buffer_seg, buffer_adr);
> - memcpy(mi->mode_info_block, buffer, sizeof(struct vesa_state));
> + memcpy(mi->mode_info_block, buffer, VESA_MODE_INFO_SIZE);

or "sizeof(struct vesa_mode_info)"

> mi->valid = true;
>
> return 0;
> diff --git a/include/vesa.h b/include/vesa.h
> index 9285bfa921a2..28828ab56aa4 100644
> --- a/include/vesa.h
> +++ b/include/vesa.h
> @@ -83,12 +83,14 @@ struct __packed vesa_mode_info {
> u8 reserved[206];
> };
>
> +#define VESA_MODE_INFO_SIZE 256
> +
> struct vesa_state {
> u16 video_mode;
> bool valid;
> union {
> struct vesa_mode_info vesa;
> - u8 mode_info_block[256];
> + u8 mode_info_block[VESA_MODE_INFO_SIZE];
> };
> };
>

Reviewed-by: Bin Meng <bmeng...@gmail.com>
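Review bot: The mode-info block is still published as valid even when the BIOS call that fills it fails: the result of `realmode_interrupt(0x10, VESA_GET_MODE_INFO, ...)` two lines above the new memcpy is discarded, so on a failed call the now-correctly-bounded 256-byte copy takes whatever was left in `buffer` and the following `mi->valid = true;` marks it good. The overflow fix is right, but a caller that trusts `valid` (the virtio/bootdev path the commit message mentions) then parses stale or zeroed VESA data. I cannot see realmode_interrupt's return contract from this hunk; if it hands back the BIOS AX value, the check is `int ret = realmode_interrupt(...); if ((ret & 0xffff) != 0x004f) return 1;` placed before the memcpy, with the VBE "function supported and successful" code named in a comment. Worth at least a `/* TODO: realmode_interrupt() result is ignored; a failed INT 10h still yields valid = true */` on the memcpy line if the return semantics are not settled. vbe_get_mode_info's body starts outside the hunk, so the variable declarations and buffer setup are not visible here.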
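Review bot: `VESA_MODE_INFO_SIZE` is now the bound for a memcpy into the union in bios.c, but nothing ties the bare `256` to `sizeof(struct vesa_mode_info)`, the other union member that aliases the same bytes; a field added to `vesa_mode_info` (whose definition starts outside this hunk) would silently leave the two out of step, which is the same class of mismatch this commit fixes. A compile-time check next to the define closes that gap, e.g. `_Static_assert(sizeof(struct vesa_mode_info) == VESA_MODE_INFO_SIZE, "vesa_mode_info must match VESA_MODE_INFO_SIZE");` (or the tree's BUILD_BUG_ON equivalent at the memcpy site if static asserts are avoided in headers). The define also deserves a one-line comment, `/* Size of the VBE mode-info block returned by the INT 10h call, and of vesa_state.mode_info_block */`, since it is now used across two files. I am assuming the packed struct is exactly 256 bytes; that is not verifiable from the `reserved[206]` tail alone.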