* [PATCH] tools: imximage: Fix check array index
@ 2022-11-22 9:34 Mikhail Ilin
2023-01-31 9:49 ` sbabic
From: Mikhail Ilin @ 2022-11-22 9:34 UTC (permalink / raw)
To: u-boot; +Cc: Mikhail Ilin
The struct dcd_v1_t is initialized to MAX_HW_CFG_SIZE_V1 (60)
structs 'dcd_type_addr_data_t', so the indexes to use on its elements
are [0,59]. But on line 478, the variable 'length' can take on the value
60, which applies to array overflow: dcd_v1->addr_data[length].type. Thus,
it is necessary to tighten the check on the 'size' variable on line 463.
Fixes: 0b0c6af38738 ("Prepare v2020.01")
Signed-off-by: Mikhail Ilin <ilin.mikhail.ol@gmail.com>
---
tools/imximage.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/imximage.c b/tools/imximage.c
index d7edd3c52f..8d45c917e6 100644
--- a/tools/imximage.c
+++ b/tools/imximage.c
@@ -460,7 +460,7 @@ static void print_hdr_v1(struct imx_header *imx_hdr)
uint32_t size, length, ver;
size = dcd_v1->preamble.length;
- if (size > (MAX_HW_CFG_SIZE_V1 * sizeof(dcd_type_addr_data_t))) {
+ if (size >= (MAX_HW_CFG_SIZE_V1 * sizeof(dcd_type_addr_data_t))) {
fprintf(stderr,
"Error: Image corrupt DCD size %d exceed maximum %d\n",
(uint32_t)(size / sizeof(dcd_type_addr_data_t)),
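Review bot: In print_hdr_v1(), the tightened test `size >= (MAX_HW_CFG_SIZE_V1 * sizeof(dcd_type_addr_data_t))` now also rejects a DCD whose preamble.length is exactly MAX_HW_CFG_SIZE_V1 entries, yet the unchanged fprintf below it still reports that the size "exceed maximum", which is not true for that case. If a completely full table is a valid image, bounding the index at the addr_data[length] access that the commit message cites (outside this hunk) would remove the out-of-bounds access without refusing such images; if a full table is meant to be invalid, the error text should say so. Separately, the message prints a (uint32_t) value with %d; %u would match the cast.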
--
2.17.1
* [PATCH] tools: imximage: Fix check array index
2022-11-22 9:34 [PATCH] tools: imximage: Fix check array index Mikhail Ilin
@ 2023-01-31 9:49 ` sbabic
From: sbabic @ 2023-01-31 9:49 UTC (permalink / raw)
To: Mikhail Ilin, u-boot
> The struct dcd_v1_t is initialized to MAX_HW_CFG_SIZE_V1 (60)
> structs 'dcd_type_addr_data_t', so the indexes to use on its elements
> are [0,59]. But on line 478, the variable 'length' can take on the value
> 60, which applies to array overflow: dcd_v1->addr_data[length].type. Thus,
> it is necessary to tighten the check on the 'size' variable on line 463.
> Fixes: 0b0c6af38738 ("Prepare v2020.01")
> Signed-off-by: Mikhail Ilin <ilin.mikhail.ol@gmail.com>
Applied to u-boot-imx, master, thanks !
Best regards,
Stefano Babic
--
=====================================================================
DENX Software Engineering GmbH, Managing Director: Erika Unter
HRB 165235 Munich, Office: Kirchenstr.5, 82194 Groebenzell, Germany
Phone: +49-8142-66989-53 Fax: +49-8142-66989-80 Email: sbabic@denx.de
=====================================================================