From ef0f63e3b0c56cd1f9abe27676792fd18356ffd1 Mon Sep 17 00:00:00 2001
From: Pavel Roskin
Date: Thu, 22 Jan 2009 23:20:20 -0500
Subject: [PATCH] Avoid accessing data beyond allocated buffer
---
 hfwget.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/hfwget.c b/hfwget.c
index 184aeb0..f0dc3cd 100644
--- a/hfwget.c
+++ b/hfwget.c
@@ -581,7 +581,7 @@ static int macho_validate(const void *data)
 static u8* find_fwblock_entry(const u8 *data, const struct fw_layout *layout, u32 addr)
 {
- u32 *p = (u32*) (data + (layout->max_offset & 0xFFFFFFFCu));
+ u32 *p = (u32*) (data + ((layout->max_offset - 4u) & 0xFFFFFFFCu));
 bool found = false;
 printf("Now searching for driver's firmware block entry (0x%08x)...\n",
@@ -613,7 +613,7 @@ static struct fwtable_drv* find_fwtable_entry(const u8 *data,
 const struct fw_layout *layout, u32 fwblock)
 {
- u32 *p = (u32*) (data + (layout->max_offset & 0xFFFFFFFCu));
+ u32 *p = (u32*) (data + ((layout->max_offset - 4u) & 0xFFFFFFFCu));
 struct fwtable_drv *firmware;
 bool found = false;
-- 
2.11.4.GIT
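Review bot: The new start-pointer expression `(layout->max_offset - 4u) & 0xFFFFFFFCu` in find_fwblock_entry wraps around when `layout->max_offset` is below 4, because the subtraction is unsigned, so `p` would land far outside `data` instead of on its last aligned word. The identical line in find_fwtable_entry (second hunk) has the same gap. If `max_offset` is derived from the file being parsed (not visible in these hunks, so worth confirming), a truncated or malformed input could reach that case. Declaring `u32 *p;` without an initializer and guarding before the assignment would close it, e.g. `if (layout->max_offset < 4) return NULL;` followed by `p = (u32*) (data + ((layout->max_offset - 4u) & 0xFFFFFFFCu));`. Both function bodies continue outside the hunks, so check that NULL is the failure value their callers already handle.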