[PATCH v2] image-fit: use real size of fit image

[Sascha Hauer]

On Fri, Jul 29, 2022 at 10:54:41PM +0200, Daniel Brát wrote:
> The real size of the fit image might be significantly smaller than it may
> appear to be based on the specified filename. For example, if path to raw disk
> partition is passed (eg. /dev/disk0.1), the size of the partition itself
> might be several times larger than the fit image it contains at the moment
> (so it has headroom for possible future image size changes).
> This modification uses the fdt header field 'totalsize' to read-in only what
> is needed.
> 
> Signed-off-by: Daniel Brát <danek.brat at gmail.com>
> ---
> v2: use fdt32_to_cpu to read the totalsize from header
> ---
>  common/image-fit.c | 27 ++++++++++++++++++++++++---
>  1 file changed, 24 insertions(+), 3 deletions(-)
> 
> diff --git a/common/image-fit.c b/common/image-fit.c
> index a410632d7..de65e3dd1 100644
> --- a/common/image-fit.c
> +++ b/common/image-fit.c
> @@ -774,13 +774,18 @@ struct fit_handle *fit_open_buf(const void *buf, size_t size, bool verbose,
>  				enum bootm_verify verify)
>  {
>  	struct fit_handle *handle;
> +	struct fdt_header *header;
>  	int ret;
>  
> +	if (size < sizeof(*header))
> +		return ERR_PTR(-EINVAL);
> +
> +	header = (struct fdt_header*)buf;
>  	handle = xzalloc(sizeof(struct fit_handle));
>  
>  	handle->verbose = verbose;
>  	handle->fit = buf;
> -	handle->size = size;
> +	handle->size = fdt32_to_cpu(header->totalsize);

Should we check that header->totalsize doesn't exceed the passed buffer
size?

Sascha

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |