While nothing presently examines the destination size, it should at
least be correct so that future users of sys_mapmem() will not be
surprised. Without this, it might be possible to overflow memory.
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Simon Glass <sjg@chromium.org>
const char *type_name = genimg_get_type_name(os.type);
- load_buf = map_sysmem(load, image_len);
+ load_buf = map_sysmem(load, unc_len);
image_buf = map_sysmem(image_start, image_len);
switch (comp) {
case IH_COMP_NONE: