This is copying beyond the end of the destination buffer. Correct the code by using the size of the vesa_mode_info struct. We don't need to copy the rest of the bytes in the buffer.
This long-standing bug prevents virtio bootdevs working correctly on qemu-x86 at present.
Signed-off-by: Simon Glass sjg@chromium.org Fixes: 0ca2426beae ("x86: Add support for running option ROMs natively") Reviewed-by: Bin Meng bmeng.cn@gmail.com ---
Changes in v2: - Use sizeof(struct vesa_mode_info) instead
arch/x86/lib/bios.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/lib/bios.c b/arch/x86/lib/bios.c index e29cae78e509..f146bbd54227 100644 --- a/arch/x86/lib/bios.c +++ b/arch/x86/lib/bios.c @@ -204,7 +204,7 @@ static u8 vbe_get_mode_info(struct vesa_state *mi)
realmode_interrupt(0x10, VESA_GET_MODE_INFO, 0x0000, mi->video_mode, 0x0000, buffer_seg, buffer_adr); - memcpy(mi->mode_info_block, buffer, sizeof(struct vesa_state)); + memcpy(mi->mode_info_block, buffer, sizeof(struct vesa_mode_info)); mi->valid = true;
return 0;