From mboxrd@z Thu Jan 1 00:00:00 1970
From: Simon Glass
Date: Sat, 29 Dec 2018 06:39:52 -0700
Subject: [U-Boot] [PATCH 2/4] fs: cbfs: Fix out of bound access during CBFS walking through
In-Reply-To: <1545472551-15790-2-git-send-email-bmeng.cn@gmail.com>
References: <1545472551-15790-1-git-send-email-bmeng.cn@gmail.com> <1545472551-15790-2-git-send-email-bmeng.cn@gmail.com>
Message-ID:
List-Id:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: u-boot@lists.denx.de

On Sat, 22 Dec 2018 at 02:50, Bin Meng wrote:
>
> The call to file_cbfs_fill_cache() is given with the parameter
> 'start' pointing to the offset by the CBFS base address, but
> with the parameter 'size' that equals to the whole CBFS size.
> During CBFS walking through, it checks files one by one and
> after it pass over the end of the CBFS which is 4GiB boundary
> it tries to check files from address 0 and so on, until the
> overall size the codes checked hits to the given 'size'.
>
> Fix this by passing 'start' pointing to the CBFS base address.
>
> Signed-off-by: Bin Meng
> ---
>
>  fs/cbfs/cbfs.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)

Reviewed-by: Simon Glass
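
The overrun described in the quoted commit message, as a simplified model added here (it is not U-Boot's code and not taken from the patch): a walker probes candidate header addresses from 'start' until 'size' bytes are consumed, using 32-bit addresses so that stepping past 4GiB wraps to 0. The ROM size, first-file offset, 64-byte step and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define STEP     64u                         /* assumed spacing of candidate headers */
#define ROM_SIZE 0x1000u                     /* constructed: 4 KiB CBFS */
#define BASE     ((uint32_t)(0u - ROM_SIZE)) /* CBFS ends at the 4GiB boundary */
#define FIRST    0x100u                      /* constructed: first-file offset from BASE */

struct walk_result {
    unsigned inside;   /* probes within [BASE, BASE + ROM_SIZE) */
    unsigned outside;  /* probes outside it, i.e. after wrapping to address 0 */
};

/* Walk 'size' bytes from 'start', classifying every address that is probed. */
static struct walk_result walk(uint32_t start, uint32_t size)
{
    struct walk_result r = {0, 0};
    uint32_t addr = start;

    while (size >= STEP) {
        uint32_t off = addr - BASE;  /* wraps to >= ROM_SIZE once addr passes 4GiB */
        if (off < ROM_SIZE)
            r.inside++;
        else
            r.outside++;
        addr += STEP;                /* 32-bit arithmetic: 0xFFFFFFC0 + 64 == 0 */
        size -= STEP;
    }
    return r;
}

/* Before: 'start' already offset from the base, 'size' still the whole CBFS. */
static struct walk_result buggy_walk(void) { return walk(BASE + FIRST, ROM_SIZE); }

/* After: 'start' is the CBFS base, so start + size ends exactly at 4GiB. */
static struct walk_result fixed_walk(void) { return walk(BASE, ROM_SIZE); }

int main(void)
{
    struct walk_result b = buggy_walk(), f = fixed_walk();
    printf("buggy: inside=%u outside=%u\n", b.inside, b.outside);
    printf("fixed: inside=%u outside=%u\n", f.inside, f.outside);
    return 0;
}
```

The number of out-of-range probes in the buggy case equals FIRST / STEP: the walk overshoots the end of the CBFS by exactly the amount 'start' was offset from the base.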