efi_loader: Fix relocations above 64kb image size
authorAlexander Graf <agraf@suse.de>
Thu, 18 Aug 2016 21:45:18 +0000 (23:45 +0200)
committerTom Rini <trini@konsulko.com>
Sat, 20 Aug 2016 18:03:27 +0000 (14:03 -0400)
We were truncating the image offset within the target image to 16 bits
which again meant that we were potentially overwriting random memory
in the lower 16 bits of the image.

This patch casts the offset to a more reasonable 32bits.

With this applied, I can successfully see Shell.efi assert because it
can't find a protocol it expects to be available.

Signed-off-by: Alexander Graf <agraf@suse.de>
lib/efi_loader/efi_image_loader.c

index 574b204f23d40dd332e242907010131dff40aebb..5165377eee662cd5dbf3101c85b5f4e2829efd76 100644 (file)
@@ -37,7 +37,7 @@ static void efi_loader_relocate(const IMAGE_BASE_RELOCATION *rel,
                const uint16_t *relocs = (const uint16_t *)(rel + 1);
                i = (rel->SizeOfBlock - sizeof(*rel)) / sizeof(uint16_t);
                while (i--) {
-                       uint16_t offset = (*relocs & 0xfff) +
+                       uint32_t offset = (uint32_t)(*relocs & 0xfff) +
                                          rel->VirtualAddress;
                        int type = *relocs >> EFI_PAGE_SHIFT;
                        unsigned long delta = (unsigned long)efi_reloc;