* [PATCH 1/2] image-sparse: change retlen to size_t
@ 2021-01-11 10:32 Steffen Trumtrar
2021-01-11 10:32 ` [PATCH 2/2] image-sparse: change chunk_data_sz to u64 Steffen Trumtrar
2021-01-13 9:03 ` [PATCH 1/2] image-sparse: change retlen to size_t Sascha Hauer
0 siblings, 2 replies; 3+ messages in thread
From: Steffen Trumtrar @ 2021-01-11 10:32 UTC (permalink / raw)
To: barebox; +Cc: Steffen Trumtrar
retlen can potentially overflow. Also, write_full() in
fastboot_handle_sparse() expects size_t anyway.
Signed-off-by: Steffen Trumtrar <s.trumtrar@pengutronix.de>
---
common/fastboot.c | 2 +-
include/image-sparse.h | 2 +-
lib/image-sparse.c | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/common/fastboot.c b/common/fastboot.c
index 1b6dc28d8e..40b92d9982 100644
--- a/common/fastboot.c
+++ b/common/fastboot.c
@@ -566,7 +566,7 @@ static int fastboot_handle_sparse(struct fastboot *fb,
}
while (1) {
- int retlen;
+ size_t retlen;
loff_t pos;
ret = sparse_image_read(sparse, buf, &pos, bufsiz, &retlen);
diff --git a/include/image-sparse.h b/include/image-sparse.h
index 29242f4fd5..6bff844411 100644
--- a/include/image-sparse.h
+++ b/include/image-sparse.h
@@ -60,7 +60,7 @@ struct sparse_image_ctx;
struct sparse_image_ctx *sparse_image_open(const char *path);
int sparse_image_read(struct sparse_image_ctx *si, void *buf,
- loff_t *pos, size_t len, int *retlen);
+ loff_t *pos, size_t len, size_t *retlen);
void sparse_image_close(struct sparse_image_ctx *si);
loff_t sparse_image_size(struct sparse_image_ctx *si);
diff --git a/lib/image-sparse.c b/lib/image-sparse.c
index 0c31742ab6..8e7a52fd71 100644
--- a/lib/image-sparse.c
+++ b/lib/image-sparse.c
@@ -190,7 +190,7 @@ out:
}
int sparse_image_read(struct sparse_image_ctx *si, void *buf, loff_t *pos,
- size_t len, int *retlen)
+ size_t len, size_t *retlen)
{
size_t now;
int ret, i;
--
2.20.1
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH 2/2] image-sparse: change chunk_data_sz to u64
2021-01-11 10:32 [PATCH 1/2] image-sparse: change retlen to size_t Steffen Trumtrar
@ 2021-01-11 10:32 ` Steffen Trumtrar
2021-01-13 9:03 ` [PATCH 1/2] image-sparse: change retlen to size_t Sascha Hauer
1 sibling, 0 replies; 3+ messages in thread
From: Steffen Trumtrar @ 2021-01-11 10:32 UTC (permalink / raw)
To: barebox; +Cc: Steffen Trumtrar
chunk_data_sz is set to the result of a __le32 * __le32 multiplication:
chunk_data_sz = si->sparse.blk_sz * si->chunk.chunk_sz;
This will overflow.
Signed-off-by: Steffen Trumtrar <s.trumtrar@pengutronix.de>
---
lib/image-sparse.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/image-sparse.c b/lib/image-sparse.c
index 8e7a52fd71..c375c78d63 100644
--- a/lib/image-sparse.c
+++ b/lib/image-sparse.c
@@ -62,7 +62,8 @@ struct sparse_image_ctx {
static int sparse_seek(struct sparse_image_ctx *si)
{
- unsigned int chunk_data_sz, payload;
+ uint64_t chunk_data_sz;
+ unsigned int payload;
loff_t offs;
int ret;
@@ -94,7 +95,7 @@ again:
return -errno;
}
- chunk_data_sz = si->sparse.blk_sz * si->chunk.chunk_sz;
+ chunk_data_sz = (uint64_t) si->sparse.blk_sz * si->chunk.chunk_sz;
payload = si->chunk.total_sz - si->sparse.chunk_hdr_sz;
si->processed_chunks++;
--
2.20.1
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH 1/2] image-sparse: change retlen to size_t
2021-01-11 10:32 [PATCH 1/2] image-sparse: change retlen to size_t Steffen Trumtrar
2021-01-11 10:32 ` [PATCH 2/2] image-sparse: change chunk_data_sz to u64 Steffen Trumtrar
@ 2021-01-13 9:03 ` Sascha Hauer
1 sibling, 0 replies; 3+ messages in thread
From: Sascha Hauer @ 2021-01-13 9:03 UTC (permalink / raw)
To: Steffen Trumtrar; +Cc: barebox
On Mon, Jan 11, 2021 at 11:32:04AM +0100, Steffen Trumtrar wrote:
> retlen can potentially overflow. Also, write_full() in
> fastboot_handle_sparse() expects size_t anyway.
>
> Signed-off-by: Steffen Trumtrar <s.trumtrar@pengutronix.de>
> ---
> common/fastboot.c | 2 +-
> include/image-sparse.h | 2 +-
> lib/image-sparse.c | 2 +-
> 3 files changed, 3 insertions(+), 3 deletions(-)
Applied to master, thanks
Sascha
>
> diff --git a/common/fastboot.c b/common/fastboot.c
> index 1b6dc28d8e..40b92d9982 100644
> --- a/common/fastboot.c
> +++ b/common/fastboot.c
> @@ -566,7 +566,7 @@ static int fastboot_handle_sparse(struct fastboot *fb,
> }
>
> while (1) {
> - int retlen;
> + size_t retlen;
> loff_t pos;
>
> ret = sparse_image_read(sparse, buf, &pos, bufsiz, &retlen);
> diff --git a/include/image-sparse.h b/include/image-sparse.h
> index 29242f4fd5..6bff844411 100644
> --- a/include/image-sparse.h
> +++ b/include/image-sparse.h
> @@ -60,7 +60,7 @@ struct sparse_image_ctx;
>
> struct sparse_image_ctx *sparse_image_open(const char *path);
> int sparse_image_read(struct sparse_image_ctx *si, void *buf,
> - loff_t *pos, size_t len, int *retlen);
> + loff_t *pos, size_t len, size_t *retlen);
> void sparse_image_close(struct sparse_image_ctx *si);
> loff_t sparse_image_size(struct sparse_image_ctx *si);
>
> diff --git a/lib/image-sparse.c b/lib/image-sparse.c
> index 0c31742ab6..8e7a52fd71 100644
> --- a/lib/image-sparse.c
> +++ b/lib/image-sparse.c
> @@ -190,7 +190,7 @@ out:
> }
>
> int sparse_image_read(struct sparse_image_ctx *si, void *buf, loff_t *pos,
> - size_t len, int *retlen)
> + size_t len, size_t *retlen)
> {
> size_t now;
> int ret, i;
> --
> 2.20.1
>
>
> _______________________________________________
> barebox mailing list
> barebox@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/barebox
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-01-13 9:03 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-01-11 10:32 [PATCH 1/2] image-sparse: change retlen to size_t Steffen Trumtrar
2021-01-11 10:32 ` [PATCH 2/2] image-sparse: change chunk_data_sz to u64 Steffen Trumtrar
2021-01-13 9:03 ` [PATCH 1/2] image-sparse: change retlen to size_t Sascha Hauer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox