x86: Correct copying of BIOS mode information

This is copying beyond the end of the destination buffer. Correct the code
by using the size of the  vesa_mode_info struct. We don't need to copy the
rest of the bytes in the buffer.

This long-standing bug prevents virtio bootdevs working correctly on
qemu-x86 at present.

Fixes: 0ca2426beae ("x86: Add support for running option ROMs natively")
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com> # qemu-x86_64

diff --git a/arch/x86/lib/bios.c b/arch/x86/lib/bios.c
index e29cae78e509a32707114449a927ed410880b8cc..f146bbd542277d3e968b10071d3369acef41230d 100644 (file)
--- a/arch/x86/lib/bios.c
+++ b/arch/x86/lib/bios.c
@@ -204,7 +204,7 @@ static u8 vbe_get_mode_info(struct vesa_state *mi)
 
        realmode_interrupt(0x10, VESA_GET_MODE_INFO, 0x0000, mi->video_mode,
                           0x0000, buffer_seg, buffer_adr);
-       memcpy(mi->mode_info_block, buffer, sizeof(struct vesa_state));
+       memcpy(mi->mode_info_block, buffer, sizeof(struct vesa_mode_info));
        mi->valid = true;
 
        return 0;