From ccefbf320d89f8ba857c57296e9502e060d7ab9c Mon Sep 17 00:00:00 2001 From: Heinrich Schuchardt Date: Thu, 11 Jan 2024 07:34:08 +0100 Subject: [PATCH] smbios: buffer overflow when zeroing entry point A SMBIOS 3 entry point has a different length than an SMBIOS 2.1 entry point. Fixes: 70924294f375 ("smbios: Use SMBIOS 3.0 to support an address above 4GB") Fixes: 1c5f6fa3883d ("smbios: Drop support for SMBIOS2 tables") Addresses-Coverity-ID: 477212 ("Wrong sizeof argument") Signed-off-by: Heinrich Schuchardt Reviewed-by: Ilias Apalodimas --- lib/smbios.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/smbios.c b/lib/smbios.c index 41aa936c4c..25595f55ab 100644 --- a/lib/smbios.c +++ b/lib/smbios.c @@ -591,8 +591,8 @@ ulong write_smbios_table(ulong addr) table_addr = (ulong)map_sysmem(tables, 0); /* now go back and write the SMBIOS3 header */ - se = map_sysmem(start_addr, sizeof(struct smbios_entry)); - memset(se, '\0', sizeof(struct smbios_entry)); + se = map_sysmem(start_addr, sizeof(struct smbios3_entry)); + memset(se, '\0', sizeof(struct smbios3_entry)); memcpy(se->anchor, "_SM3_", 5); se->length = sizeof(struct smbios3_entry); se->major_ver = SMBIOS_MAJOR_VER; -- 2.39.5