Chameleon

Issue 177: Buffer overflow in ramdisk

Reported by J Guerrero, Sep 6, 2011

In memory.h preboot_data address have a 64MB space before file load 
buffer address, so if we try to get more a preboot img bigger than 
that size we will have problems in the opened files or viceversa if 
we later open a file.

#define LOAD_ADDR         0x18100000
#define PREBOOT_DATA      0x1C100000

Attached a diff that check file size (value is hardcoded) so a 
better solution maybe to have in memory.h something like 

#define PREBOOT_LEN       0x04000000

and use this instead.

Comment 1 by armel cadet-petit, Sep 10, 2011

hi, i don't see any attached file ...

Comment 2 by JrCs, Dec 14, 2011

Can you attached the patch ?
Status: AwaitingInformation

Comment 3 by Cosmosis Jones, May 8, 2012

Status: Invalid

Created: 7 years 10 months ago by J Guerrero

Updated: 7 years 2 months ago

Status: Invalid

Followed by: 3 persons

Labels:
Priority:Medium
Type:Defect