On Fri, 17 May 2024 09:47:35 +0200, Ahmad Fatoum wrote: > The ARM and RISC-V kernel Image format features a 64-byte header and > places the 32-bit magic value identifying it at offset 56. > > The check for the magic values should thus ensure that at least 56 bytes > are guaranteed to be available in the buffer, thus move it into > the >= 64 byte segment of the function. > > [...] Applied, thanks! [1/1] filetype: fix OOB read when detecting type of truncated kernel images https://git.pengutronix.de/cgit/barebox/commit/?id=0b12b757feaa (link may not be stable) Best regards, -- Sascha Hauer <s.hauer@xxxxxxxxxxxxxx>