From 1e58ead8db4d824dd386174b9730a8dd3549b573 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Rafa=C5=82=20Mi=C5=82ecki?=
Date: Wed, 8 Jul 2015 04:55:04 +0000
Subject: [PATCH] nvram: fix "Segmentation fault" caused by setting memory out of buffer
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
Some MTD partitions with NVRAM have content starting in the middle. In such case offset is set and nvram_header returns pointer to the middle. It means we have to respect offset when calculating remaining space. By the way use real MTD partition size (nvram_part_size variable) as we may want to bump NVRAM_SPACE in the (very near) future.
Signed-off-by: Rafał Miłecki
Backport of r46251
SVN-Revision: 46258
---
 package/utils/nvram/src/nvram.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/utils/nvram/src/nvram.c b/package/utils/nvram/src/nvram.c
index c4bcb1d4a6..c490597d4b 100644
--- a/package/utils/nvram/src/nvram.c
+++ b/package/utils/nvram/src/nvram.c
@@ -286,11 +286,11 @@ int nvram_commit(nvram_handle_t *h)
 /* Clear data area */
 ptr = (char *) header + sizeof(nvram_header_t);
- memset(ptr, 0xFF, NVRAM_SPACE - sizeof(nvram_header_t));
+ memset(ptr, 0xFF, nvram_part_size - h->offset - sizeof(nvram_header_t));
 memset(&tmp, 0, sizeof(nvram_header_t));
 /* Leave space for a double NUL at the end */
- end = (char *) header + NVRAM_SPACE - 2;
+ end = (char *) header + nvram_part_size - h->offset - 2;
 /* Write out all tuples */
 for (i = 0; i < NVRAM_ARRAYSIZE(h->nvram_hash); i++) {
-- 2.30.2
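Review bot: Both new bounds subtract `h->offset` from `nvram_part_size` without first checking that the offset plus the header fits inside the partition. If these values are unsigned (their types are not visible in this hunk), an oversized offset wraps the `memset` length and `end` to a huge value, which brings back the out-of-buffer write this patch is fixing. I would guard before the memset with `if (h->offset > nvram_part_size || nvram_part_size - h->offset < sizeof(nvram_header_t) + 2) return -1;`, then compute `size_t space = nvram_part_size - h->offset;` once and use `space` for both the memset length and `end`. The bound also depends on a global matching the buffer that `header` points into; if the handle records its own mapped length, that would be the safer value. `nvram_commit` starts and ends outside the hunk, so the error return shown is a guess at its convention.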