[SeaBIOS] [PATCH] fix smbios blob length overflow

Igor Mammedov posted 1 patch 2 months ago
git fetch https://github.com/patchew-project/seabios tags/patchew/20240223150522.1488719-1-imammedo@redhat.com
Posted by Igor Mammedov 2 months ago
When tables are more than 64K, size of copied tables will be
truncated due to cast from u32 to u16, and as a result only
a small portion of the tables will be copied in the end.
That leads to corrupted tables (a part from QEMU and the
remainder is whatever was in the memory block allocated for
the tables).

Fix it by making qtables_len a 32-bit int.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
---
 src/fw/biostables.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/fw/biostables.c b/src/fw/biostables.c
index 1c09a785..90712d4b 100644
--- a/src/fw/biostables.c
+++ b/src/fw/biostables.c
@@ -499,7 +499,7 @@ smbios_build_tables(struct romfile_s *f_tables,
                     u16 *number_of_structures)
 {
     struct smbios_type_0 *t0;
-    u16 qtables_len, need_t0 = 1;
+    u32 qtables_len, need_t0 = 1;
     u8 *qtables, *tables;
 
     if (f_tables->size != *length)
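Review bot: `need_t0` is declared on the same line as `qtables_len`, so the `-`/`+` pair widens it from u16 to u32 as well even though it is only a flag initialised to 1; splitting the declaration (`u32 qtables_len;` on its own line and leaving `need_t0` as it was) would keep the diff to the length fix alone. The type of `*length`, which the trailing context line `if (f_tables->size != *length)` compares against `f_tables->size`, is not visible in the hunk; the fix only holds if that parameter is also wide enough for blobs over 64K, so that is worth confirming in the unchanged signature above.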
-- 
2.39.3

_______________________________________________
SeaBIOS mailing list -- seabios@seabios.org
To unsubscribe send an email to seabios-leave@seabios.org
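The truncation the commit message describes, as an added example that is not SeaBIOS code: a constructed table blob is copied with the length held first in a u16 (the old declaration) and then in a u32 (the fix), and `check_copy()` measures how much of the destination is QEMU data versus the stale fill that was already in the buffer. All function names, the byte pattern and the stale marker are made up for the illustration.

```c
/* Added example (not SeaBIOS code): models the qtables_len truncation. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef uint8_t u8;
typedef uint16_t u16;
typedef uint32_t u32;

#define STALE 0xEE   /* constructed marker for "whatever was in memory" */

/* Pre-fix: the u32 blob size lands in a u16, silently reduced mod 65536. */
static u32 copy_tables_u16(const u8 *src, u32 size, u8 *dst)
{
    u16 qtables_len = size;
    memcpy(dst, src, qtables_len);
    return qtables_len;
}

/* Post-fix: the length keeps its full 32-bit width. */
static u32 copy_tables_u32(const u8 *src, u32 size, u8 *dst)
{
    u32 qtables_len = size;
    memcpy(dst, src, qtables_len);
    return qtables_len;
}

/* Leading bytes of dst that match src; equals size only for a complete copy. */
static u32 check_copy(const u8 *src, const u8 *dst, u32 size)
{
    u32 i;
    for (i = 0; i < size && src[i] == dst[i]; i++)
        ;
    return i;
}

/* Copy a constructed blob of `size` bytes with `copier`; return intact prefix. */
static u32 run_case(u32 size, u32 (*copier)(const u8 *, u32, u8 *))
{
    u8 *src = malloc(size), *dst = malloc(size);
    for (u32 i = 0; i < size; i++)
        src[i] = (u8)(i & 0x7F);     /* constructed pattern, never equals STALE */
    memset(dst, STALE, size);        /* stale contents of the allocated block */
    copier(src, size, dst);
    u32 ok = check_copy(src, dst, size);
    free(src);
    free(dst);
    return ok;
}

int main(void)
{
    u32 sizes[] = {65535, 65536, 70000};
    for (int i = 0; i < 3; i++)
        printf("size %u: u16 keeps %u bytes intact, u32 keeps %u\n", sizes[i],
               run_case(sizes[i], copy_tables_u16), run_case(sizes[i], copy_tables_u32));
    return 0;
}
```

A blob of 70000 bytes copies only 4464 bytes correctly through the u16 path and the rest of the destination stays stale, which is the mixed QEMU/garbage table the commit message reports.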
[SeaBIOS] Re: [PATCH] fix smbios blob length overflow
Posted by Kevin O'Connor 1 month, 3 weeks ago
On Fri, Feb 23, 2024 at 04:05:22PM +0100, Igor Mammedov wrote:
> When tables are more than 64K, size of copied tables will be
> truncated due to cast from u32 to u16, and as a result only
> a small portion of the tables will be copied in the end.
> That leads to corrupted tables (a part from QEMU and the
> remainder is whatever was in the memory block allocated for
> the tables).
> 
> Fix it by making qtables_len a 32-bit int.

Thanks.  I committed this change.

-Kevin
[SeaBIOS] Re: [PATCH] fix smbios blob length overflow
Posted by Kevin O'Connor 2 months ago
On Fri, Feb 23, 2024 at 04:05:22PM +0100, Igor Mammedov wrote:
> When tables are more than 64K, size of copied tables will be
> truncated due to cast from u32 to u16, and as a result only
> a small portion of the tables will be copied in the end.
> That leads to corrupted tables (a part from QEMU and the
> remainder is whatever was in the memory block allocated for
> the tables).
> 
> Fix it by making qtables_len a 32-bit int.
> 
> Signed-off-by: Igor Mammedov <imammedo@redhat.com>

Thanks.  Seems fine to me.  If there are no further comments I'll look
to commit in a couple of days.

-Kevin