mirrors/u-boot
1
0
Fork 0
mirror of https://source.denx.de/u-boot/u-boot.git synced 2026-05-05 20:56:12 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

tools: imximage: Fix check array index

Browse Source 
The struct dcd_v1_t is initialized to MAX_HW_CFG_SIZE_V1 (60)
 structs 'dcd_type_addr_data_t', so the indexes to use on its elements
 are [0,59]. But on line 478, the variable 'length' can take on the value
 60, which applies to array overflow: cd_v1->addr_data[length].type Thus,
 it is necessary to tighten the check on the 'size' variable on line 463.

Fixes: 0b0c6af38738 ("Prepare v2020.01")
Signed-off-by: Mikhail Ilin <ilin.mikhail.ol@gmail.com>
This commit is contained in:
Mikhail Ilin 2022-11-22 12:34:26 +03:00 committed by Stefano Babic
parent baa7550c14
commit 507a70b144
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
tools/imximage.c
View File

@ -460,7 +460,7 @@ static void print_hdr_v1(struct imx_header *imx_hdr)
uint32_t size, length, ver;
size = dcd_v1->preamble.length;
if (size > (MAX_HW_CFG_SIZE_V1 * sizeof(dcd_type_addr_data_t))) {
if (size >= (MAX_HW_CFG_SIZE_V1 * sizeof(dcd_type_addr_data_t))) {
fprintf(stderr,
"Error: Image corrupt DCD size %d exceed maximum %d\n",
(uint32_t)(size / sizeof(dcd_type_addr_data_t)),