[U-Boot] [PATCH V2 02/21] imximage: check dcd_len as entries added
Troy Kisky
troy.kisky at boundarydevices.com
Mon Sep 24 22:54:37 CEST 2012
On 9/23/2012 4:05 AM, Stefano Babic wrote:
> On 22/09/2012 04:38, Troy Kisky wrote:
>> Before the len was checked after the entire file
>> was processed, so it could have already overflowed.
>>
> Hi Troy,
>
>> Signed-off-by: Troy Kisky <troy.kisky at boundarydevices.com>
>> ---
>> tools/imximage.c | 26 +++++++++++---------------
>> 1 file changed, 11 insertions(+), 15 deletions(-)
>>
>> diff --git a/tools/imximage.c b/tools/imximage.c
>> index 25d3b74..0bfbec3 100644
>> --- a/tools/imximage.c
>> +++ b/tools/imximage.c
>> @@ -71,6 +71,7 @@ static set_dcd_val_t set_dcd_val;
>> static set_dcd_rst_t set_dcd_rst;
>> static set_imx_hdr_t set_imx_hdr;
>> static set_imx_size_t set_imx_size;
>> +static uint32_t max_dcd_entries;
>> static uint32_t g_flash_offset;
>>
>> static struct image_type_params imximage_params;
>> @@ -173,13 +174,6 @@ static void set_dcd_rst_v1(struct imx_header *imxhdr, uint32_t dcd_len,
>> {
>> dcd_v1_t *dcd_v1 = &imxhdr->header.hdr_v1.dcd_table;
>>
>> - if (dcd_len > MAX_HW_CFG_SIZE_V1) {
>> - fprintf(stderr, "Error: %s[%d] -"
>> - "DCD table exceeds maximum size(%d)\n",
>> - name, lineno, MAX_HW_CFG_SIZE_V1);
>> - exit(EXIT_FAILURE);
>> - }
>> -
>> dcd_v1->preamble.barker = DCD_BARKER;
>> dcd_v1->preamble.length = dcd_len * sizeof(dcd_type_addr_data_t);
>> }
>> @@ -193,13 +187,6 @@ static void set_dcd_rst_v2(struct imx_header *imxhdr, uint32_t dcd_len,
>> {
>> dcd_v2_t *dcd_v2 = &imxhdr->header.hdr_v2.dcd_table;
>>
>> - if (dcd_len > MAX_HW_CFG_SIZE_V2) {
>> - fprintf(stderr, "Error: %s[%d] -"
>> - "DCD table exceeds maximum size(%d)\n",
>> - name, lineno, MAX_HW_CFG_SIZE_V2);
>> - exit(EXIT_FAILURE);
>> - }
>> -
>> dcd_v2->header.tag = DCD_HEADER_TAG;
>> dcd_v2->header.length = cpu_to_be16(
>> dcd_len * sizeof(dcd_addr_data_t) + 8);
>> @@ -293,12 +280,14 @@ static void set_hdr_func(struct imx_header *imxhdr)
>> set_dcd_rst = set_dcd_rst_v1;
>> set_imx_hdr = set_imx_hdr_v1;
>> set_imx_size = set_imx_size_v1;
>> + max_dcd_entries = MAX_HW_CFG_SIZE_V1;
>> break;
>> case IMXIMAGE_V2:
>> set_dcd_val = set_dcd_val_v2;
>> set_dcd_rst = set_dcd_rst_v2;
>> set_imx_hdr = set_imx_hdr_v2;
>> set_imx_size = set_imx_size_v2;
>> + max_dcd_entries = MAX_HW_CFG_SIZE_V2;
>> break;
>> default:
>> err_imximage_version(imximage_version);
>> @@ -425,8 +414,15 @@ static void parse_cfg_fld(struct imx_header *imxhdr, int32_t *cmd,
>> value = get_cfg_value(token, name, lineno);
>> (*set_dcd_val)(imxhdr, name, lineno, fld, value, *dcd_len);
>>
>> - if (fld == CFG_REG_VALUE)
>> + if (fld == CFG_REG_VALUE) {
>> (*dcd_len)++;
>> + if (*dcd_len > max_dcd_entries) {
>> + fprintf(stderr, "Error: %s[%d] -"
>> + "DCD table exceeds maximum size(%d)\n",
>> + name, lineno, max_dcd_entries);
>> + exit(EXIT_FAILURE);
>> + }
>> + }
>> break;
>> default:
>> break;
>>
> This patch seems to me unrelated to the rest, and fixes the case when
> too much DCD entries are put into the imximage.cfg file. What about to
> rebase it on the current code and post it as separate patch ? I think
> this can be merged directly, also in the current realease.
>
> Best regards,
> Stefano Babic
>
It is a fix, but for a bug that has never happened. So I think it is
very low priority.
But I can reorder the patches so that this is the 1st in the series, in case
the other patches are never accepted.
I don't think it belongs in the current release.
Troy
More information about the U-Boot
mailing list