diff options
| author | Joshua Oreman <oremanj@rwcr.net> | 2009-10-07 16:40:49 -0400 |
|---|---|---|
| committer | Marty Connor <mdc@etherboot.org> | 2009-10-15 14:47:54 -0400 |
| commit | b0b0b8f65c478c3b7f17064c7916db7873b33248 (patch) | |
| tree | ca458566d19d01582cbddf6bfda3550922c45895 | |
| parent | 3fa277920804b056ce72fd9ba0074a7ff7c871fa (diff) | |
| download | ipxe-b0b0b8f65c478c3b7f17064c7916db7873b33248.tar.gz | |
[modrom] Avoid clobbering near jump with checksum
A jump instruction starts at the third byte of an option ROM image, and
it is required that the bytes in the whole image add up to zero. To
achieve this, a checksum byte is usually placed after the jump. The jump
can be either a short jump (2 bytes, EB xx) or a near jump (3 bytes,
E9 xx xx). gPXE's romprefix.S uses a near jump, but modrom.pl assumed
a short jump, and clobbered the high byte of the offset. This caused
modrom-modified gPXE ROM images to crash the system during POST.
Fix by making modrom.pl place the checksum at byte 6, like makerom.pl does.
Signed-off-by: Marty Connor <mdc@etherboot.org>
| -rwxr-xr-x | src/util/modrom.pl | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/util/modrom.pl b/src/util/modrom.pl index 695468c26..cdac0b97e 100755 --- a/src/util/modrom.pl +++ b/src/util/modrom.pl @@ -131,9 +131,9 @@ sub writerom ($$) { sub checksum ($) { my ($romref) = @_; - substr($$romref, 5, 1) = "\x00"; + substr($$romref, 6, 1) = "\x00"; my $sum = unpack('%8C*', $$romref); - substr($$romref, 5, 1) = chr(256 - $sum); + substr($$romref, 6, 1) = chr(256 - $sum); # Double check $sum = unpack('%8C*', $$romref); if ($sum != 0) { |