author | Stefan Reinauer <reinauer@chromium.org> | 2012-09-25 13:30:48 -0700 |
---|---|---|
committer | Anton Kochkov <anton.kochkov@gmail.com> | 2012-11-09 02:07:08 +0100 |
commit | 5e93b37310abe92ba101a32fe66c9e02f8d887e9 (patch) | |
tree | 4e0041b30540ed5d2a5eea7b245e89d3b1003341 | |
parent | 6604ceb6a06745af1a4f4ce5d28b08b8a7bb57de (diff) | |
download | coreboot-5e93b37310abe92ba101a32fe66c9e02f8d887e9.tar.xz |
Fix Segmentation Fault in ifdtool
If a section is bigger than the FD file it is injected into, and the FD
lies about the size of the FD file, ifdtool would crash because reading
in the section writes beyond the FD file in memory.
Change-Id: Idcfac2b1e2b5907fad34799e44a8abfd89190fcc
Signed-off-by: Stefan Reinauer <reinauer@google.com>
Reviewed-on: http://review.coreboot.org/1754
Tested-by: build bot (Jenkins)
Reviewed-by: Anton Kochkov <anton.kochkov@gmail.com>
-rw-r--r-- | util/ifdtool/ifdtool.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/util/ifdtool/ifdtool.c b/util/ifdtool/ifdtool.c index 1b418d10b8..1a8bf85059 100644 --- a/util/ifdtool/ifdtool.c +++ b/util/ifdtool/ifdtool.c @@ -397,6 +397,12 @@ void inject_region(char *filename, char *image, int size, int region_type, memset(image + region.base, 0xff, offset); } + if (size < region.base + offset + region_size) { + fprintf(stderr, "Output file is too small. (%d < %d)\n", + size, region.base + offset + region_size); + exit(EXIT_FAILURE); + } + if (read(region_fd, image + region.base + offset, region_size) != region_size) { perror("Could not read file"); |
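Review bot: The new size check runs after the memset(image + region.base, 0xff, offset) shown in the context just above it, so when region.base + offset already reaches past size, that memset writes outside the image buffer before the check can reject the input; the check should move ahead of the memset. The comparison size < region.base + offset + region_size is also evaluated in plain int arithmetic (the values are printed with %d), and the commit message itself says the FD can lie about sizes, so a very large or negative region.base could wrap or shrink the sum and let the read() through. Rejecting negative terms first and then comparing by subtraction, for example region_size > size - region.base - offset, or doing the sum in a wider unsigned type, would make the check hold for hostile descriptor values as well.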