FAT: buffer overflow with FAT12/16
Last commit
3831530dcb7b71329c272ccd6181f8038b6a6dd0a was intended
"explicitly specify FAT12/16 root directory parsing buffer size, instead
of relying on cluster size". Howver, the underlying function requires
the size of the buffer in blocks, not in bytes, and instead of passing
a double sector size a request for 1024 blocks is sent. This generates
a buffer overflow with overwriting of other structure (in the case seen,
USB structures were overwritten).
Signed-off-by: Stefano Babic <sbabic@denx.de>
CC: Mikhail Zolotaryov <lebon@lebon.org.ua>
projects / people / ms / u-boot.git / commit
