From: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Date: Thu, 11 Jan 2024 06:34:08 +0000 (+0100)
Subject: smbios: buffer overflow when zeroing entry point
X-Git-Url: http://git.dujemihanovic.xyz/%22http:/www.sics.se/static/git-logo.png?a=commitdiff_plain;h=ccefbf320d89f8ba857c57296e9502e060d7ab9c;p=u-boot.git

smbios: buffer overflow when zeroing entry point

A SMBIOS 3 entry point has a different length than an SMBIOS 2.1 entry
point.

Fixes: 70924294f375 ("smbios: Use SMBIOS 3.0 to support an address above 4GB")
Fixes: 1c5f6fa3883d ("smbios: Drop support for SMBIOS2 tables")
Addresses-Coverity-ID: 477212 ("Wrong sizeof argument")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
---

diff --git a/lib/smbios.c b/lib/smbios.c
index 41aa936c4c..25595f55ab 100644
--- a/lib/smbios.c
+++ b/lib/smbios.c
@@ -591,8 +591,8 @@ ulong write_smbios_table(ulong addr)
 	table_addr = (ulong)map_sysmem(tables, 0);
 
 	/* now go back and write the SMBIOS3 header */
-	se = map_sysmem(start_addr, sizeof(struct smbios_entry));
-	memset(se, '\0', sizeof(struct smbios_entry));
+	se = map_sysmem(start_addr, sizeof(struct smbios3_entry));
+	memset(se, '\0', sizeof(struct smbios3_entry));
 	memcpy(se->anchor, "_SM3_", 5);
 	se->length = sizeof(struct smbios3_entry);
 	se->major_ver = SMBIOS_MAJOR_VER;