fs: cbfs: fix locating the cbfs header
author Andre Heider <a.heider@gmail.com>
Thu, 15 Feb 2018 06:40:11 +0000 (07:40 +0100)
committer Simon Glass <sjg@chromium.org>
Sat, 31 Mar 2018 08:00:03 +0000 (16:00 +0800)
The value at the end of the rom is not a pointer, it is an offset
relative to the end of rom.

Signed-off-by: Andre Heider <a.heider@gmail.com>
fs/cbfs/cbfs.c

index 6e1107d751bc63b7c0603bda218234c41d8cd03d..46da8f134fa77aecf9e48f7a5921186cdcd5bfe5 100644 (file)
@@ -168,9 +168,9 @@ static int file_cbfs_load_header(uintptr_t end_of_rom,
                                 struct cbfs_header *header)
 {
        struct cbfs_header *header_in_rom;
+       int32_t offset = *(u32 *)(end_of_rom - 3);
 
-       header_in_rom = (struct cbfs_header *)(uintptr_t)
-                       *(u32 *)(end_of_rom - 3);
+       header_in_rom = (struct cbfs_header *)(end_of_rom + offset + 1);
        swap_header(header, header_in_rom);
 
        if (header->magic != good_magic || header->offset >
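Review bot: the signed offset read at `int32_t offset = *(u32 *)(end_of_rom - 3);` is used without any range check, so `header_in_rom = (struct cbfs_header *)(end_of_rom + offset + 1);` trusts whatever value the last word of the ROM contains. The result is handed to `swap_header(header, header_in_rom);` before the `header->magic != good_magic` test runs, which means a zero, positive or implausibly large negative offset leads to a read outside the ROM image before anything is validated. Consider rejecting the value up front: require that offset is negative and that its magnitude is at least sizeof(struct cbfs_header), and return early with the same error path as the magic check otherwise. Two smaller points on the same lines: the declaration mixes `int32_t` with the `u32` used in the cast, so `s32` would be more consistent and makes the intended sign reinterpretation explicit; and the `+ 1` deserves a short comment stating that end_of_rom is the address of the last byte, not one past it, since that is the whole reason for the adjustment.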