From 137484dee70b378ee557de4e6bbe59716e4791f0 Mon Sep 17 00:00:00 2001 From: Richard Spiegel Date: Wed, 17 Jan 2018 10:23:19 -0700 Subject: util/amdfwtool/amdfwtool.c: Verify it actually read bytes The function read() returns the number of bytes actually read. Program is assuming it actually read the required number of bytes without checking. This is wrong. This fixes CIDs 1353019 and 1353021 BUG=b:72062481 TEST=Build no errors Change-Id: I22d41b3de4eac5369f512f78b1b31cc1a250f787 Signed-off-by: Richard Spiegel Reviewed-on: https://review.coreboot.org/23304 Tested-by: build bot (Jenkins) Reviewed-by: Aaron Durbin --- util/amdfwtool/amdfwtool.c | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) (limited to 'util') diff --git a/util/amdfwtool/amdfwtool.c b/util/amdfwtool/amdfwtool.c index 289d47a53e..303a31df3f 100644 --- a/util/amdfwtool/amdfwtool.c +++ b/util/amdfwtool/amdfwtool.c @@ -285,6 +285,7 @@ static uint32_t integrate_firmwares(char *base, uint32_t pos, uint32_t *romsig, amd_fw_entry *fw_table, uint32_t rom_size) { int fd; + ssize_t bytes; struct stat fd_stat; int i; uint32_t rom_base_address = 0xFFFFFFFF - rom_size + 1; @@ -323,9 +324,17 @@ static uint32_t integrate_firmwares(char *base, uint32_t pos, uint32_t *romsig, exit(1); } - read(fd, (void *)(base + pos), (size_t)fd_stat.st_size); + bytes = read(fd, (void *)(base + pos), + (size_t)fd_stat.st_size); + if (bytes == (ssize_t)fd_stat.st_size) + pos += fd_stat.st_size; + else { + printf("Error while reading %s\n", + fw_table[i].filename); + free(base); + exit(1); + } - pos += fd_stat.st_size; close(fd); pos = ALIGN(pos, 0x100U); } @@ -340,6 +349,7 @@ static uint32_t integrate_psp_firmwares(char *base, uint32_t pos, uint32_t rom_size) { int fd; + ssize_t bytes; struct stat fd_stat; unsigned int i; uint32_t rom_base_address = 0xFFFFFFFF - rom_size + 1; @@ -373,9 +383,17 @@ static uint32_t integrate_psp_firmwares(char *base, uint32_t pos, exit(1); } - read(fd, (void *)(base + pos), (size_t)fd_stat.st_size); + bytes = read(fd, (void *)(base + pos), + (size_t)fd_stat.st_size); + if (bytes == (ssize_t)fd_stat.st_size) + pos += fd_stat.st_size; + else { + printf("Error while reading %s\n", + fw_table[i].filename); + free(base); + exit(1); + } - pos += fd_stat.st_size; close(fd); pos = ALIGN(pos, 0x100U); } else { -- cgit v1.2.3