[PATCH v2 11/16] cbfs: Check offset range when reading a file

Simon Glass sjg at chromium.org
Fri May 14 03:39:27 CEST 2021


Add a check that the offset is within the allowed range.

Signed-off-by: Simon Glass <sjg at chromium.org>
Reported-by: Coverity (CID: 331155)
---

(no changes since v1)

 fs/cbfs/cbfs.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/fs/cbfs/cbfs.c b/fs/cbfs/cbfs.c
index 415ea28b871..3e905c74e58 100644
--- a/fs/cbfs/cbfs.c
+++ b/fs/cbfs/cbfs.c
@@ -167,6 +167,8 @@ static int file_cbfs_next_file(struct cbfs_priv *priv, void *start, int size,
 		}
 
 		swap_file_header(&header, file_header);
+		if (header.offset >= size)
+			return log_msg_ret("range", -E2BIG);
 		ret = fill_node(node, start, &header);
 		if (ret) {
 			priv->result = CBFS_BAD_FILE;
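Review bot: the new early return at `if (header.offset >= size)` leaves `priv->result` unset, while the `fill_node()` failure path immediately below it sets `priv->result = CBFS_BAD_FILE` before handling the error. Any caller that relies on `priv->result` rather than the return value would not see that a malformed header was rejected, so consider setting `priv->result = CBFS_BAD_FILE` before `return log_msg_ret("range", -E2BIG);` to keep the two error paths consistent. The check also bounds only the start of the file data: nothing in this hunk shows the data length being compared with `size`, so it is worth confirming that `fill_node()` or a later patch in the series covers the end of the range. `size` is declared `int` in the signature, so a one-line comment stating what `size` is measured from and that it cannot be negative here would make the `>=` comparison easier to verify.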
-- 
2.31.1.751.gd2f1c929bd-goog


