On Fri, Jul 29, 2022 at 10:54:41PM +0200, Daniel Brát wrote: > The real size of the fit image might be significantly smaller than it may > appear to be based on the specified filename. For example, if path to raw disk > partition is passed (eg. /dev/disk0.1), the size of the partition itself > might be several times larger than the fit image it contains at the moment > (so it has headroom for possible future image size changes). > This modification uses the fdt header field 'totalsize' to read-in only what > is needed. > > Signed-off-by: Daniel Brát <danek.brat@xxxxxxxxx> > --- > v2: use fdt32_to_cpu to read the totalsize from header > --- > common/image-fit.c | 27 ++++++++++++++++++++++++--- > 1 file changed, 24 insertions(+), 3 deletions(-) > > diff --git a/common/image-fit.c b/common/image-fit.c > index a410632d7..de65e3dd1 100644 > --- a/common/image-fit.c > +++ b/common/image-fit.c > @@ -774,13 +774,18 @@ struct fit_handle *fit_open_buf(const void *buf, size_t size, bool verbose, > enum bootm_verify verify) > { > struct fit_handle *handle; > + struct fdt_header *header; > int ret; > > + if (size < sizeof(*header)) > + return ERR_PTR(-EINVAL); > + > + header = (struct fdt_header*)buf; > handle = xzalloc(sizeof(struct fit_handle)); > > handle->verbose = verbose; > handle->fit = buf; > - handle->size = size; > + handle->size = fdt32_to_cpu(header->totalsize); Should we check that header->totalsize doesn't exceed the passed buffer size? Sascha -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
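Review bot: In fit_open_buf(), handle->size is now taken from fdt32_to_cpu(header->totalsize) without comparing it to the size argument, so a header that declares a totalsize larger than the passed buffer leaves the handle describing memory beyond buf. Read the value into a local first, return ERR_PTR(-EINVAL) when it is greater than size or smaller than sizeof(*header), and only then assign it to handle->size. Separately, buf is a const void *, so the cast (struct fdt_header*)buf drops the const qualifier; declaring header as const struct fdt_header * and assigning buf directly avoids the cast.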