diff options
| author | Haojian Zhuang <haojian.zhuang@linaro.org> | 2018-02-11 18:42:12 +0800 |
|---|---|---|
| committer | Haojian Zhuang <haojian.zhuang@linaro.org> | 2018-02-11 19:21:56 +0800 |
| commit | 425a1820ddc910193b1feb35e4a2acaea5054c31 (patch) | |
| tree | d4d9166ac503730e99a0b8282d9310f23ab8c123 | |
| parent | feefaa5a352e27cc3f56195f19b034f12b0d6767 (diff) | |
| download | edk2-425a1820ddc910193b1feb35e4a2acaea5054c31.tar.gz | |
EmbeddedPkg/AndroidFastbootApp: fix overflow on fill buf
Fix overflow on fill buffer.
Signed-off-by: Haojian Zhuang <haojian.zhuang@linaro.org>
| -rw-r--r-- | EmbeddedPkg/Application/AndroidFastboot/AndroidFastbootApp.c | 19 |
1 files changed, 13 insertions, 6 deletions
diff --git a/EmbeddedPkg/Application/AndroidFastboot/AndroidFastbootApp.c b/EmbeddedPkg/Application/AndroidFastboot/AndroidFastbootApp.c index 849553630..564965685 100644 --- a/EmbeddedPkg/Application/AndroidFastboot/AndroidFastbootApp.c +++ b/EmbeddedPkg/Application/AndroidFastboot/AndroidFastbootApp.c @@ -180,7 +180,7 @@ FlashSparseImage ( )
{
EFI_STATUS Status = EFI_SUCCESS;
- UINTN Chunk, Offset = 0, Index;
+ UINTN Chunk, Offset = 0, Left, Count;
VOID *Image;
CHUNK_HEADER *ChunkHeader;
UINT32 FillBuf[FILL_BUF_SIZE];
@@ -209,20 +209,27 @@ FlashSparseImage ( Offset += ChunkHeader->ChunkSize * SparseHeader->BlockSize;
break;
case CHUNK_TYPE_FILL:
- SetMem32 (FillBuf, FILL_BUF_SIZE * sizeof (UINT32), *(UINT32 *)Image);
- Image += sizeof (UINT32);
- for (Index = 0; Index < ChunkHeader->ChunkSize; Index++) {
+ Left = ChunkHeader->ChunkSize * SparseHeader->BlockSize;
+ while (Left > 0) {
+ if (Left > FILL_BUF_SIZE * sizeof (UINT32)) {
+ Count = FILL_BUF_SIZE * sizeof (UINT32);
+ } else {
+ Count = Left;
+ }
+ SetMem32 (FillBuf, Count, *(UINT32 *)Image);
Status = mPlatform->FlashPartitionEx (
PartitionName,
Offset,
- SparseHeader->BlockSize,
+ Count,
FillBuf
);
if (EFI_ERROR (Status)) {
return Status;
}
- Offset += SparseHeader->BlockSize;
+ Offset += Count;
+ Left = Left - Count;
}
+ Image += sizeof (UINT32);
break;
case CHUNK_TYPE_DONT_CARE:
Offset += ChunkHeader->ChunkSize * SparseHeader->BlockSize;
|