[PATCH v4] common: buffer access out-of-bounds
Abdelrahman Youssef via B4 Relay
devnull+abdelrahmanyossef12.gmail.com at kernel.org
Fri Oct 18 09:24:43 PDT 2024
From: Abdelrahman Youssef <abdelrahmanyossef12 at gmail.com>
in file_detect_type() to detect file of type socfpga_xload you need at least
68 bytes bytes, so we need to check if we have enough bufsize.
So I moved it after checking if `bufsize >= 256`.
Signed-off-by: Abdelrahman Youssef <abdelrahmanyossef12 at gmail.com>
---
This patch is a replacement of the last one because there were some issues with it
---
To: Sascha Hauer <s.hauer at pengutronix.de>
To: open list:BAREBOX <barebox at lists.infradead.org>
Signed-off-by: Abdelrahman Youssef <abdelrahmanyossef12 at gmail.com>
---
common/filetype.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/common/filetype.c b/common/filetype.c
index 3690d4ae07..67ae4916d1 100644
--- a/common/filetype.c
+++ b/common/filetype.c
@@ -374,9 +374,6 @@ enum filetype file_detect_type(const void *_buf, size_t bufsize)
if (le32_to_cpu(buf[5]) == 0x504d5453)
return filetype_mxs_bootstream;
- if (buf[16] == 0x31305341)
- return filetype_socfpga_xload;
-
if (is_barebox_arm_head(_buf))
return filetype_arm_barebox;
if (buf[9] == 0x016f2818 || buf[9] == 0x18286f01)
@@ -388,6 +385,9 @@ enum filetype file_detect_type(const void *_buf, size_t bufsize)
if (bufsize < 256)
return filetype_unknown;
+ if (buf[16] == 0x31305341)
+ return filetype_socfpga_xload;
+
if (strncmp(buf8, "STM\x32", 4) == 0) {
if (buf8[74] == 0x01) {
switch(le32_to_cpu(buf[63])) {
---
base-commit: 9d47ff66c3892c5a6ddd4704993365a797fbeb68
change-id: 20241018-overflow-dc42def7e4f6
Best regards,
--
Abdelrahman Youssef <abdelrahmanyossef12 at gmail.com>
More information about the barebox
mailing list