* [PATCH v5] common: buffer access out-of-bounds
@ 2024-10-18 17:13 Abdelrahman Youssef via B4 Relay
2024-10-21 5:48 ` Sascha Hauer
0 siblings, 1 reply; 2+ messages in thread
From: Abdelrahman Youssef via B4 Relay @ 2024-10-18 17:13 UTC (permalink / raw)
To: Sascha Hauer, BAREBOX; +Cc: Abdelrahman Youssef
From: Abdelrahman Youssef <abdelrahmanyossef12@gmail.com>
in file_detect_type() to detect file of type socfpga_xload you need at least
68 bytes bytes, so we need to check if we have enough bufsize.
So I moved it after checking if `bufsize >= 256`.
Signed-off-by: Abdelrahman Youssef <abdelrahmanyossef12@gmail.com>
---
This patch is a replacement of the last one because there were some issues with it
---
To: Sascha Hauer <s.hauer@pengutronix.de>
To: open list:BAREBOX <barebox@lists.infradead.org>
Signed-off-by: Abdelrahman Youssef <abdelrahmanyossef12@gmail.com>
---
Changes in v5:
Removed leading spaces that misaliged the code in v3
---
common/filetype.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/common/filetype.c b/common/filetype.c
index 3690d4ae07..67ae4916d1 100644
--- a/common/filetype.c
+++ b/common/filetype.c
@@ -374,9 +374,6 @@ enum filetype file_detect_type(const void *_buf, size_t bufsize)
if (le32_to_cpu(buf[5]) == 0x504d5453)
return filetype_mxs_bootstream;
- if (buf[16] == 0x31305341)
- return filetype_socfpga_xload;
-
if (is_barebox_arm_head(_buf))
return filetype_arm_barebox;
if (buf[9] == 0x016f2818 || buf[9] == 0x18286f01)
@@ -388,6 +385,9 @@ enum filetype file_detect_type(const void *_buf, size_t bufsize)
if (bufsize < 256)
return filetype_unknown;
+ if (buf[16] == 0x31305341)
+ return filetype_socfpga_xload;
+
if (strncmp(buf8, "STM\x32", 4) == 0) {
if (buf8[74] == 0x01) {
switch(le32_to_cpu(buf[63])) {
---
base-commit: 9d47ff66c3892c5a6ddd4704993365a797fbeb68
change-id: 20241018-overflow-dc42def7e4f6
Best regards,
--
Abdelrahman Youssef <abdelrahmanyossef12@gmail.com>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2024-10-21 5:49 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-10-18 17:13 [PATCH v5] common: buffer access out-of-bounds Abdelrahman Youssef via B4 Relay
2024-10-21 5:48 ` Sascha Hauer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox