diff options
author | Linux Build Service Account <lnxbuild@localhost> | 2016-04-07 15:57:34 -0700 |
---|---|---|
committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2016-04-07 15:57:34 -0700 |
commit | 337397d16e1c196a7fc69e21be7775841b2a942a (patch) | |
tree | 0d4c18af75822f502c321ebd3491c23deb24063f | |
parent | 7a20826f37157f2916a5bca24d21461f878b172d (diff) | |
parent | 30c0b9556f7ef646effa2a3ab90bde9d1b48294f (diff) |
Merge "app: aboot: add check on decompression space"
-rw-r--r-- | app/aboot/aboot.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/app/aboot/aboot.c b/app/aboot/aboot.c index d4053771..6fef19a2 100644 --- a/app/aboot/aboot.c +++ b/app/aboot/aboot.c @@ -1242,8 +1242,23 @@ int boot_linux_from_mmc(void) */ if (is_gzip_package((unsigned char *)(image_addr + page_size), hdr->kernel_size)) { + if ((imagesize_actual + page_size) < imagesize_actual) + { + dprintf(CRITICAL, "Integer overflow in boot.img header fields\n"); + ASSERT(0); + } out_addr = (unsigned char *)(image_addr + imagesize_actual + page_size); + if (target_get_max_flash_size() < (imagesize_actual + page_size)) + { + dprintf(CRITICAL, "No space avaiable for decompression\n"); + ASSERT(0); + } out_avai_len = target_get_max_flash_size() - imagesize_actual - page_size; + if (check_aboot_addr_range_overlap((uint32_t)out_addr, out_avai_len)) + { + dprintf(CRITICAL, "decompress address overlap with aboot addresse\n"); + return -1; + } dprintf(INFO, "decompressing kernel image: start\n"); rc = decompress((unsigned char *)(image_addr + page_size), hdr->kernel_size, out_addr, out_avai_len, |