[modrom] Avoid clobbering near jump with checksum

A jump instruction starts at the third byte of an option ROM image, and
it is required that the bytes in the whole image add up to zero. To
achieve this, a checksum byte is usually placed after the jump. The jump
can be either a short jump (2 bytes, EB xx) or a near jump (3 bytes,
E9 xx xx). gPXE's romprefix.S uses a near jump, but modrom.pl assumed
a short jump, and clobbered the high byte of the offset. This caused
modrom-modified gPXE ROM images to crash the system during POST.

Fix by making modrom.pl place the checksum at byte 6, like makerom.pl does.

Signed-off-by: Marty Connor <mdc@etherboot.org>

1 files changed, 2 insertions, 2 deletions

diff --git a/src/util/modrom.pl b/src/util/modrom.pl
index 695468c2..cdac0b97 100755
--- a/src/util/modrom.pl
+++ b/src/util/modrom.pl
@@ -131,9 +131,9 @@ sub writerom ($$) {
 sub checksum ($) {
 	my ($romref) = @_;
 
-	substr($$romref, 5, 1) = "\x00";
+	substr($$romref, 6, 1) = "\x00";
 	my $sum = unpack('%8C*', $$romref);
-	substr($$romref, 5, 1) = chr(256 - $sum);
+	substr($$romref, 6, 1) = chr(256 - $sum);
 	# Double check
 	$sum = unpack('%8C*', $$romref);
 	if ($sum != 0) {