fs: cbfs: fix locating the cbfs header

The value at the end of the rom is not a pointer, it is an offset relative to the end of rom. Signed-off-by: Andre Heider <[email protected]>
adamheinrich · Mar 31, 2018 · 4468317 · 4468317
1 parent 33222c8
commit 4468317
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/fs/cbfs/cbfs.c b/fs/cbfs/cbfs.c
@@ -168,9 +168,9 @@ static int file_cbfs_load_header(uintptr_t end_of_rom,
 				 struct cbfs_header *header)
 {
 	struct cbfs_header *header_in_rom;
+	int32_t offset = *(u32 *)(end_of_rom - 3);
 
-	header_in_rom = (struct cbfs_header *)(uintptr_t)
-			*(u32 *)(end_of_rom - 3);
+	header_in_rom = (struct cbfs_header *)(end_of_rom + offset + 1);
 	swap_header(header, header_in_rom);
 
 	if (header->magic != good_magic || header->offset >