e31501c5ae
- Fix OVMF iPXE network menu (bsc#986033, boo#987488) ipxe-efi-fix-garbage-bytes-in-device-path.patch ipxe-efi-fix-uninitialised-data-in-HII.patch OBS-URL: https://build.opensuse.org/request/show/406664 OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=302
36 lines
1.1 KiB
Diff
36 lines
1.1 KiB
Diff
From c9f6a8605955926017cdbe2fa99a4b72fd0985a2 Mon Sep 17 00:00:00 2001
|
|
From: Michael Brown <mcb30@ipxe.org>
|
|
Date: Wed, 29 Jun 2016 15:13:35 +0100
|
|
Subject: [PATCH] [efi] Fix uninitialised data in HII IFR structures
|
|
|
|
The HII IFR structures are allocated via realloc() rather than
|
|
zalloc(), and so are not automatically zeroed. This results in the
|
|
presence of uninitialised and invalid data, causing crashes elsewhere
|
|
in the UEFI firmware.
|
|
|
|
Fix by explicitly zeroing the newly allocated portion of any IFR
|
|
structure in efi_ifr_op().
|
|
|
|
Debugged-by: Laszlo Ersek <lersek@redhat.com>
|
|
Debugged-by: Gary Lin <glin@suse.com>
|
|
Signed-off-by: Michael Brown <mcb30@ipxe.org>
|
|
---
|
|
src/interface/efi/efi_hii.c | 1 +
|
|
1 file changed, 1 insertion(+)
|
|
|
|
diff --git a/src/interface/efi/efi_hii.c b/src/interface/efi/efi_hii.c
|
|
index 0ea970e..506fc88 100644
|
|
--- a/src/interface/efi/efi_hii.c
|
|
+++ b/src/interface/efi/efi_hii.c
|
|
@@ -117,6 +117,7 @@ static void * efi_ifr_op ( struct efi_ifr_builder *ifr, unsigned int opcode,
|
|
ifr->ops_len = new_ops_len;
|
|
|
|
/* Fill in opcode header */
|
|
+ memset ( op, 0, len );
|
|
op->OpCode = opcode;
|
|
op->Length = len;
|
|
|
|
--
|
|
2.8.4
|
|
|