Robert Jarzmik <robert.jarzmik@xxxxxxx> writes: > diff --git a/commands/splash.c b/commands/splash.c > index 65dd530..b0830fb 100644 > --- a/commands/splash.c > +++ b/commands/splash.c > @@ -49,6 +49,8 @@ static int do_splash(int argc, char *argv[]) > } > image_file = argv[optind]; > > + memset(&sc, 0, sizeof(sc)); > + memset(&s, 0, sizeof(s)); This last memset is misplaced actually, it should be far upper in the function. So the correct patch would be: ----8>---- >From ea8d7e02533bea9908d8a56ef6b59483f65a3530 Mon Sep 17 00:00:00 2001 From: Robert Jarzmik <robert.jarzmik@xxxxxxx> Date: Tue, 20 Nov 2012 21:33:49 +0100 Subject: [PATCH] splash: fix splash breakage Commit 3fa8d74a introduced structures screen and surface. Unfortunately, these structures are allocated on the stack, and not initialized. As a consequence, sc->offscreen might contain a random value, which is used later for memcpy operations, corrupting memory. Fix it by initializing the structures. Signed-off-by: Robert Jarzmik <robert.jarzmik@xxxxxxx> --- commands/splash.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/commands/splash.c b/commands/splash.c index 65dd530..370c3a2 100644 --- a/commands/splash.c +++ b/commands/splash.c @@ -19,6 +19,7 @@ static int do_splash(int argc, char *argv[]) u32 bg_color = 0x00000000; bool do_bg = false; + memset(&s, 0, sizeof(s)); s.x = -1; s.y = -1; s.width = -1; @@ -49,6 +50,7 @@ static int do_splash(int argc, char *argv[]) } image_file = argv[optind]; + memset(&sc, 0, sizeof(sc)); fd = fb_open(fbdev, &sc, offscreen); if (fd < 0) { perror("fd_open"); -- 1.7.10.4 -- Robert
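Review bot: In the first hunk of the corrected patch (@@ -19,6 +19,7 @@), memset(&s, 0, sizeof(s)) is only correct while it stays ahead of the s.x = -1; s.y = -1; s.width = -1; assignments that follow it; a later reorder would silently wipe those defaults. Zero-initializing s at its declaration would remove that ordering dependency and guarantee that no path can read a field of s before it has been cleared.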
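Review bot: In the second hunk of the corrected patch (@@ -49,6 +50,7 @@), clearing sc in the caller just before fb_open(fbdev, &sc, offscreen) protects this call site only. Since the commit message says the stale offscreen field later feeds memcpy, it would be more robust for fb_open to clear or fully populate the structure it is handed, so that any other caller passing a stack structure is covered as well. Two smaller points: the commit message writes sc->offscreen although sc is a stack structure passed as &sc, and the context line perror("fd_open") does not match the function name fb_open.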