summaryrefslogtreecommitdiffstats
path: root/util/ifdtool/ifdtool.c
diff options
context:
space:
mode:
authorStefan Reinauer <reinauer@chromium.org>2012-09-25 13:30:48 -0700
committerAnton Kochkov <anton.kochkov@gmail.com>2012-11-09 02:07:08 +0100
commit5e93b37310abe92ba101a32fe66c9e02f8d887e9 (patch)
tree4e0041b30540ed5d2a5eea7b245e89d3b1003341 /util/ifdtool/ifdtool.c
parent6604ceb6a06745af1a4f4ce5d28b08b8a7bb57de (diff)
downloadcoreboot-5e93b37310abe92ba101a32fe66c9e02f8d887e9.tar.gz
coreboot-5e93b37310abe92ba101a32fe66c9e02f8d887e9.tar.bz2
coreboot-5e93b37310abe92ba101a32fe66c9e02f8d887e9.zip
Fix Segmentation Fault in ifdtool
If a section is bigger than the FD file it is injected into, and the FD lies about the size of the FD file, ifdtool would crash because reading in the section writes beyound the FD file in memory. Change-Id: Idcfac2b1e2b5907fad34799e44a8abfd89190fcc Signed-off-by: Stefan Reinauer <reinauer@google.com> Reviewed-on: http://review.coreboot.org/1754 Tested-by: build bot (Jenkins) Reviewed-by: Anton Kochkov <anton.kochkov@gmail.com>
Diffstat (limited to 'util/ifdtool/ifdtool.c')
-rw-r--r--util/ifdtool/ifdtool.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/util/ifdtool/ifdtool.c b/util/ifdtool/ifdtool.c
index 1b418d10b88b..1a8bf850597d 100644
--- a/util/ifdtool/ifdtool.c
+++ b/util/ifdtool/ifdtool.c
@@ -397,6 +397,12 @@ void inject_region(char *filename, char *image, int size, int region_type,
memset(image + region.base, 0xff, offset);
}
+ if (size < region.base + offset + region_size) {
+ fprintf(stderr, "Output file is too small. (%d < %d)\n",
+ size, region.base + offset + region_size);
+ exit(EXIT_FAILURE);
+ }
+
if (read(region_fd, image + region.base + offset, region_size)
!= region_size) {
perror("Could not read file");
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-02 07:56:34 +0000