From mboxrd@z Thu Jan 1 00:00:00 1970 From: Zhenzhong Duan Subject: [PATCH v2] Minor change to avoid potential overflow accessing pci option roms Date: Tue, 20 Aug 2013 14:38:19 +0800 Message-ID: <52130EDB.2060602@oracle.com> Reply-To: zhenzhong.duan@oracle.com Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: xen-devel Cc: Feng Jin, Ian Jackson, Ian Campbell, Stefano Stabellini List-Id: xen-devel@lists.xenproject.org When scanning the pci option roms space, there is a possibility to access beyond OPTIONROM_PHYSICAL_END for 2K. This patch makes the code robust, though there are other checks such as the 0x55AA signature. Bug was found by code inspection. v2: Add description per Konrad's suggestion, thanks. Signed-off-by: Zhenzhong Duan --- tools/firmware/rombios/rombios.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/firmware/rombios/rombios.c b/tools/firmware/rombios/rombios.c index 057aced..f5ac33e 100644 --- a/tools/firmware/rombios/rombios.c +++ b/tools/firmware/rombios/rombios.c @@ -10648,7 +10648,7 @@ rom_scan_increment: add cx, ax pop ax ;; Restore AX cmp cx, ax - jbe rom_scan_loop + jb rom_scan_loop xor ax, ax ;; Restore DS back to 0000: mov ds, ax @@ -11022,7 +11022,7 @@ post_default_ints: call post_init_pic mov cx, #0xc000 ;; init vga bios - mov ax, #0xc780 + mov ax, #0xc800 call rom_scan call _print_bios_banner -- 1.7.3
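Review bot: In the rom_scan_increment hunk, switching the branch after "cmp cx, ax" from jbe to jb turns the AX argument of rom_scan from an inclusive last segment into an exclusive end segment, and that contract change applies to every caller, not only the one adjusted in this patch. The diffstat shows two changed lines, so only the "init vga bios" call site was updated to match. Please confirm that each remaining "call rom_scan" site passes an end value that is correct under the new exclusive comparison, and state the new meaning of AX in the comment that documents rom_scan's inputs so a later caller does not reintroduce the off-by-one.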
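Review bot: In the post_default_ints hunk, the new bound "mov ax, #0xc800" is a bare literal with no indication that it is now an exclusive end, and the commit message speaks of OPTIONROM_PHYSICAL_END while this call site covers the 0xc000 VGA BIOS range. Please add a short comment on that line saying the scan stops before segment 0xc800, and say in the description which rom_scan call can actually read past OPTIONROM_PHYSICAL_END, since the hunk does not show it. It would also help to note that the VGA scan range itself is meant to stay the same (last segment examined 0xc780), so a reader can see this hunk only compensates for the jbe to jb change.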