From: Simon Glass <sjg@chromium.org>
To: u-boot@lists.denx.de
Subject: [PATCH v2 11/16] cbfs: Check offset range when reading a file
Date: Thu, 13 May 2021 19:39:27 -0600
Message-ID: <20210514014011.2832707-9-sjg@chromium.org>
In-Reply-To: <20210513193923.v2.1.I85633a7354c5b2ad5c55257607280392d069d70c@changeid>

Add a check that the offset is within the allowed range.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Coverity (CID: 331155)
---

(no changes since v1)

 fs/cbfs/cbfs.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/fs/cbfs/cbfs.c b/fs/cbfs/cbfs.c
index 415ea28b871..3e905c74e58 100644
--- a/fs/cbfs/cbfs.c
+++ b/fs/cbfs/cbfs.c
@@ -167,6 +167,8 @@ static int file_cbfs_next_file(struct cbfs_priv *priv, void *start, int size,
 		}
 
 		swap_file_header(&header, file_header);
+		if (header.offset >= size)
+			return log_msg_ret("range", -E2BIG);
 		ret = fill_node(node, start, &header);
 		if (ret) {
 			priv->result = CBFS_BAD_FILE;
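Review bot: The new early return at `if (header.offset >= size)` leaves `priv->result` untouched, while the `fill_node()` failure path directly below it sets `priv->result = CBFS_BAD_FILE`; a caller that inspects `priv->result` instead of the return value would not see this rejection, so consider setting it before returning. The comparison also bounds only the start of the file data: a header whose offset is below `size` passes even if the data it describes runs past the end of the region, so if the header carries a length, bound offset plus length against `size` here as well, written so the addition cannot wrap. Finally, `size` is a plain `int` in the function signature, so what this comparison does for a negative `size` depends on the type of `header.offset`; rejecting `size <= 0` up front or taking an unsigned size would remove that ambiguity.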
-- 
2.31.1.751.gd2f1c929bd-goog
