diff options
| author | Raymond Mao <[email protected]> | 2025-07-18 07:16:16 -0700 |
|---|---|---|
| committer | Tom Rini <[email protected]> | 2026-04-27 09:42:36 -0600 |
| commit | 63cc797a7e89a2543c9997a271ad8f02b04a6777 (patch) | |
| tree | 5a16203879714c5be6610017013f1603e357e940 | |
| parent | ad82e750fd2af6d7f098e78e70cbba1678e84b2f (diff) | |
bloblist: fix a potential negative size for memmove
It causes a panic when blob is shrunk and 'new_alloced' is less than
'next_ofs'. The data area that needs to be moved should end up at
'hdr->used_size'.
Fixes: 1fe59375498f ("bloblist: Support resizing a blob")
Signed-off-by: Raymond Mao <[email protected]>
Reviewed-by: Tom Rini <[email protected]>
Tested-by: Michal Simek <[email protected]>
| -rw-r--r-- | common/bloblist.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/common/bloblist.c b/common/bloblist.c index 488908f605e..550c0c78ffc 100644 --- a/common/bloblist.c +++ b/common/bloblist.c @@ -335,7 +335,7 @@ static int bloblist_resize_rec(struct bloblist_hdr *hdr, next_ofs = bloblist_blob_end_ofs(hdr, rec); if (next_ofs != hdr->used_size) { memmove((void *)hdr + next_ofs + expand_by, - (void *)hdr + next_ofs, new_alloced - next_ofs); + (void *)hdr + next_ofs, hdr->used_size - next_ofs); } hdr->used_size = new_alloced; |