smbios: buffer overflow when zeroing entry point A SMBIOS 3 entry point has a different length than an SMBIOS 2.1 entry point. Fixes: 70924294f375 ("smbios: Use SMBIOS 3.0 to support an address above 4GB") Fixes: 1c5f6fa3883d ("smbios: Drop support for SMBIOS2 tables") Addresses-Coverity-ID: 477212 ("Wrong sizeof argument") Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

commit: ccefbf320d89f8ba857c57296e9502e060d7ab9c [log] [tgz]
author: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Thu Jan 11 07:34:08 2024 +0100
committer: Tom Rini <trini@konsulko.com> Thu Jan 18 20:24:13 2024 -0500
tree: 877751d1049d1c911aa8ff30ff2e3ba893b1720b
parent: 85946d69d6f5a309564e7e89386cfcaff75d0b86 [diff] [blame]
diff --git a/lib/smbios.c b/lib/smbios.c
index 41aa936..25595f5 100644
--- a/lib/smbios.c
+++ b/lib/smbios.c

@@ -591,8 +591,8 @@
 	table_addr = (ulong)map_sysmem(tables, 0);
 
 	/* now go back and write the SMBIOS3 header */
-	se = map_sysmem(start_addr, sizeof(struct smbios_entry));
-	memset(se, '\0', sizeof(struct smbios_entry));
+	se = map_sysmem(start_addr, sizeof(struct smbios3_entry));
+	memset(se, '\0', sizeof(struct smbios3_entry));
 	memcpy(se->anchor, "_SM3_", 5);
 	se->length = sizeof(struct smbios3_entry);
 	se->major_ver = SMBIOS_MAJOR_VER;
commit	ccefbf320d89f8ba857c57296e9502e060d7ab9c	[log] [tgz]
author	Heinrich Schuchardt <heinrich.schuchardt@canonical.com>	Thu Jan 11 07:34:08 2024 +0100
committer	Tom Rini <trini@konsulko.com>	Thu Jan 18 20:24:13 2024 -0500
tree	877751d1049d1c911aa8ff30ff2e3ba893b1720b
parent	85946d69d6f5a309564e7e89386cfcaff75d0b86 [diff] [blame]