fix smbios blob length overflow

When tables are more than 64K, size of copied tables will be truncated due to cast from u32 to u16, and as result only a small portion of the tables will be copied in the end. That leads to corrupted tables (a part from QEMU and remainder is whatever was in memory block allocated for the tables). Fix it by making qtables_len 32bit int. Signed-off-by: Igor Mammedov <imammedo@redhat.com>
author: Igor Mammedov <imammedo@redhat.com> 2024-02-23 16:05:22 +0100
committer: Kevin O'Connor <kevin@koconnor.net> 2024-03-03 12:40:12 -0500
commit: 163fd9f0872f95366cfe34eb11568934c2d2fe29 (patch)
tree: 907caa26e431e131195ab3b0fa9c979927072e01
parent: 82faf1d5c8b25375b9029f2d6668135e62455a8c (diff)
download: seabios-163fd9f0872f95366cfe34eb11568934c2d2fe29.zip
seabios-163fd9f0872f95366cfe34eb11568934c2d2fe29.tar.gz
seabios-163fd9f0872f95366cfe34eb11568934c2d2fe29.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/fw/biostables.c b/src/fw/biostables.c
index 1c09a78..90712d4 100644
--- a/src/fw/biostables.c
+++ b/src/fw/biostables.c
@@ -499,7 +499,7 @@ smbios_build_tables(struct romfile_s *f_tables,
                     u16 *number_of_structures)
 {
     struct smbios_type_0 *t0;
-    u16 qtables_len, need_t0 = 1;
+    u32 qtables_len, need_t0 = 1;
     u8 *qtables, *tables;
 
     if (f_tables->size != *length)
author	Igor Mammedov <imammedo@redhat.com>	2024-02-23 16:05:22 +0100
committer	Kevin O'Connor <kevin@koconnor.net>	2024-03-03 12:40:12 -0500
commit	163fd9f0872f95366cfe34eb11568934c2d2fe29 (patch)
tree	907caa26e431e131195ab3b0fa9c979927072e01
parent	82faf1d5c8b25375b9029f2d6668135e62455a8c (diff)
download	seabios-163fd9f0872f95366cfe34eb11568934c2d2fe29.zip seabios-163fd9f0872f95366cfe34eb11568934c2d2fe29.tar.gz seabios-163fd9f0872f95366cfe34eb11568934c2d2fe29.tar.bz2