From b0b0b8f65c478c3b7f17064c7916db7873b33248 Mon Sep 17 00:00:00 2001
From: Joshua Oreman
Date: Wed, 7 Oct 2009 16:40:49 -0400
Subject: [PATCH] [modrom] Avoid clobbering near jump with checksum
A jump instruction starts at the third byte of an option ROM image, and it is required that the bytes in the whole image add up to zero. To achieve this, a checksum byte is usually placed after the jump. The jump can be either a short jump (2 bytes, EB xx) or a near jump (3 bytes, E9 xx xx). gPXE's romprefix.S uses a near jump, but modrom.pl assumed a short jump, and clobbered the high byte of the offset. This caused modrom-modified gPXE ROM images to crash the system during POST. Fix by making modrom.pl place the checksum at byte 6, like makerom.pl does.
Signed-off-by: Marty Connor
---
 src/util/modrom.pl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/util/modrom.pl b/src/util/modrom.pl
index 695468c2..cdac0b97 100755
--- a/src/util/modrom.pl
+++ b/src/util/modrom.pl
@@ -131,9 +131,9 @@ sub writerom ($$) {
 sub checksum ($) {
 my ($romref) = @_;
- substr($$romref, 5, 1) = "\x00";
+ substr($$romref, 6, 1) = "\x00";
 my $sum = unpack('%8C*', $$romref);
- substr($$romref, 5, 1) = chr(256 - $sum);
+ substr($$romref, 6, 1) = chr(256 - $sum);
 # Double check
 $sum = unpack('%8C*', $$romref);
 if ($sum != 0) {
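Review bot: `chr(256 - $sum)` on the new line yields `chr(256)` when the image already sums to zero with byte 6 cleared, because `unpack('%8C*', ...)` returns 0..255; that is a wide character, not a zero byte, and the re-check below it would probably still pass since the 8-bit sum of 256 is 0. Storing it upgrades the ROM string to Perl's internal UTF-8 form, so the image written later (outside this hunk) may come out corrupted instead of being rejected. Mask the value: `substr($$romref, 6, 1) = chr((256 - $sum) & 0xFF);`. The offset 6 is also hard-coded twice with no length check on `$$romref`; a named constant and a guard that the image is at least 7 bytes would make the layout assumption explicit. checksum's body continues past the end of the hunk.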