From mboxrd@z Thu Jan 1 00:00:00 1970
From: Wolfgang Denk
Date: Wed, 20 Oct 2010 09:15:45 +0200
Subject: [U-Boot] [PATCH] FAT: buffer overflow with FAT12/16
In-Reply-To: <1287557505-3955-1-git-send-email-sbabic@denx.de>
References: <1287557505-3955-1-git-send-email-sbabic@denx.de>
Message-ID: <20101020071545.A15531361A8@gemini.denx.de>
List-Id:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: u-boot@lists.denx.de

Dear Stefano Babic,

In message <1287557505-3955-1-git-send-email-sbabic@denx.de> you wrote:
> Last commit 3831530dcb7b71329c272ccd6181f8038b6a6dd0a was intended
> "explicitly specify FAT12/16 root directory parsing buffer size, instead
> of relying on cluster size". However, the underlying function requires
> the size of the buffer in blocks, not in bytes, and instead of passing
> a double sector size a request for 1024 blocks is sent. This generates
> a buffer overflow with overwriting of other structure (in the case seen,
> USB structures were overwritten).
>
> Signed-off-by: Stefano Babic
> CC: Mikhail Zolotaryov
>
> ---
> fs/fat/fat.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)

Nice catch! Applied, thanks.

Best regards,

Wolfgang Denk

--
DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
Never worry about theory as long as the machinery does what it's
supposed to do. - R. A. Heinlein
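
The unit mismatch described in the quoted commit message (a byte count passed where the read routine expects a block count), as an added example that is not part of the original mail and is not U-Boot's code. All function names, the 512-byte sector size and the in-memory disk are assumptions made for this sketch; the reader here also takes the destination capacity in bytes, so the mistaken 1024-block request is rejected instead of overrunning the two-sector buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTOR_SIZE     512u  /* assumed sector size */
#define DIR_BUF_SECTORS 2u    /* "double sector size" buffer */

/* Constructed in-memory disk standing in for the real block device. */
static uint8_t fake_disk[64 * SECTOR_SIZE];

/* Hypothetical reader: length is in BLOCKS, destination capacity in BYTES.
 * Returns the number of blocks copied, or -1 if the request does not fit. */
static long checked_block_read(uint32_t start, uint32_t nblocks,
                               void *dst, size_t dst_bytes)
{
    size_t disk_blocks = sizeof(fake_disk) / SECTOR_SIZE;

    /* Compare in blocks; dividing avoids overflow of nblocks * SECTOR_SIZE. */
    if (nblocks > dst_bytes / SECTOR_SIZE)
        return -1;
    if (start >= disk_blocks || nblocks > disk_blocks - start)
        return -1;
    memcpy(dst, fake_disk + (size_t)start * SECTOR_SIZE,
           (size_t)nblocks * SECTOR_SIZE);
    return (long)nblocks;
}

/* Call shape of the bug: a byte count (1024) lands in the block-count slot. */
static long read_dir_len_in_bytes(uint8_t *buf, size_t buf_bytes)
{
    return checked_block_read(0, DIR_BUF_SECTORS * SECTOR_SIZE, buf, buf_bytes);
}

/* Corrected call shape: the length is expressed in blocks. */
static long read_dir_len_in_blocks(uint8_t *buf, size_t buf_bytes)
{
    return checked_block_read(0, DIR_BUF_SECTORS, buf, buf_bytes);
}

int main(void)
{
    uint8_t buf[DIR_BUF_SECTORS * SECTOR_SIZE];

    printf("length in bytes : %ld\n", read_dir_len_in_bytes(buf, sizeof buf));
    printf("length in blocks: %ld\n", read_dir_len_in_blocks(buf, sizeof buf));
    return 0;
}
```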