diff options
author | Rafał Miłecki <zajec5@gmail.com> | 2015-07-08 04:55:04 +0000 |
---|---|---|
committer | Rafał Miłecki <zajec5@gmail.com> | 2015-07-08 04:55:04 +0000 |
commit | 1cd7850184584f241033fc5c4a3ee2357a74065f (patch) | |
tree | 825bdaf90073ed354b7621124144877647b610b0 | |
parent | e1412180263cb60e277a73ceb80f8776c25a0940 (diff) | |
download | upstream-1cd7850184584f241033fc5c4a3ee2357a74065f.tar.gz upstream-1cd7850184584f241033fc5c4a3ee2357a74065f.tar.bz2 upstream-1cd7850184584f241033fc5c4a3ee2357a74065f.zip |
nvram: fix "Segmentation fault" caused by setting memory out of buffer
Some MTD partitions with NVRAM have content starting in the middle. In
such case offset is set and nvram_header returns pointer to the middle.
It means we have to respect offset when calculating remaining space.
By the way use real MTD partition size (nvram_part_size variable) as we
may want to bump NVRAM_SPACE in the (very near) future.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Backport of r46251
git-svn-id: svn://svn.openwrt.org/openwrt/branches/chaos_calmer@46258 3c298f89-4303-0410-b956-a3cf2f4a3e73
-rw-r--r-- | package/utils/nvram/src/nvram.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/package/utils/nvram/src/nvram.c b/package/utils/nvram/src/nvram.c index c4bcb1d4a6..c490597d4b 100644 --- a/package/utils/nvram/src/nvram.c +++ b/package/utils/nvram/src/nvram.c @@ -286,11 +286,11 @@ int nvram_commit(nvram_handle_t *h) /* Clear data area */ ptr = (char *) header + sizeof(nvram_header_t); - memset(ptr, 0xFF, NVRAM_SPACE - sizeof(nvram_header_t)); + memset(ptr, 0xFF, nvram_part_size - h->offset - sizeof(nvram_header_t)); memset(&tmp, 0, sizeof(nvram_header_t)); /* Leave space for a double NUL at the end */ - end = (char *) header + NVRAM_SPACE - 2; + end = (char *) header + nvram_part_size - h->offset - 2; /* Write out all tuples */ for (i = 0; i < NVRAM_ARRAYSIZE(h->nvram_hash); i++) { |