summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Reinauer <reinauer@chromium.org>2012-09-25 13:30:48 -0700
committerAnton Kochkov <anton.kochkov@gmail.com>2012-11-09 02:07:08 +0100
commit5e93b37310abe92ba101a32fe66c9e02f8d887e9 (patch)
tree4e0041b30540ed5d2a5eea7b245e89d3b1003341
parent6604ceb6a06745af1a4f4ce5d28b08b8a7bb57de (diff)
downloadcoreboot-5e93b37310abe92ba101a32fe66c9e02f8d887e9.tar.xz
Fix Segmentation Fault in ifdtool
If a section is bigger than the FD file it is injected into, and the FD lies about the size of the FD file, ifdtool would crash because reading in the section writes beyound the FD file in memory. Change-Id: Idcfac2b1e2b5907fad34799e44a8abfd89190fcc Signed-off-by: Stefan Reinauer <reinauer@google.com> Reviewed-on: http://review.coreboot.org/1754 Tested-by: build bot (Jenkins) Reviewed-by: Anton Kochkov <anton.kochkov@gmail.com>
-rw-r--r--util/ifdtool/ifdtool.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/util/ifdtool/ifdtool.c b/util/ifdtool/ifdtool.c
index 1b418d10b8..1a8bf85059 100644
--- a/util/ifdtool/ifdtool.c
+++ b/util/ifdtool/ifdtool.c
@@ -397,6 +397,12 @@ void inject_region(char *filename, char *image, int size, int region_type,
memset(image + region.base, 0xff, offset);
}
+ if (size < region.base + offset + region_size) {
+ fprintf(stderr, "Output file is too small. (%d < %d)\n",
+ size, region.base + offset + region_size);
+ exit(EXIT_FAILURE);
+ }
+
if (read(region_fd, image + region.base + offset, region_size)
!= region_size) {
perror("Could not read file");