From 35c22083e18175e3dc26396df6cf4b54c71384f9 Mon Sep 17 00:00:00 2001
From: rmilecki <rmilecki@3c298f89-4303-0410-b956-a3cf2f4a3e73>
Date: Tue, 7 Jul 2015 21:21:49 +0000
Subject: [PATCH] nvram: fix "Segmentation fault" caused by setting memory out
 of buffer
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Some MTD partitions with NVRAM have content starting in the middle. In
such case offset is set and nvram_header returns pointer to the middle.
It means we have to respect offset when calculating remaining space.

By the way use real MTD partition size (nvram_part_size variable) as we
may want to bump NVRAM_SPACE in the (very near) future.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@46251 3c298f89-4303-0410-b956-a3cf2f4a3e73
---
 package/utils/nvram/src/nvram.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/utils/nvram/src/nvram.c b/package/utils/nvram/src/nvram.c
index c4bcb1d4a6..c490597d4b 100644
--- a/package/utils/nvram/src/nvram.c
+++ b/package/utils/nvram/src/nvram.c
@@ -286,11 +286,11 @@ int nvram_commit(nvram_handle_t *h)
 
 	/* Clear data area */
 	ptr = (char *) header + sizeof(nvram_header_t);
-	memset(ptr, 0xFF, NVRAM_SPACE - sizeof(nvram_header_t));
+	memset(ptr, 0xFF, nvram_part_size - h->offset - sizeof(nvram_header_t));
 	memset(&tmp, 0, sizeof(nvram_header_t));
 
 	/* Leave space for a double NUL at the end */
-	end = (char *) header + NVRAM_SPACE - 2;
+	end = (char *) header + nvram_part_size - h->offset - 2;
 
 	/* Write out all tuples */
 	for (i = 0; i < NVRAM_ARRAYSIZE(h->nvram_hash); i++) {
-- 
GitLab