From: Abdelrahman Youssef via B4 Relay <devnull+abdelrahmanyossef12.gmail.com@kernel.org>
To: Sascha Hauer <s.hauer@pengutronix.de>,
BAREBOX <barebox@lists.infradead.org>
Cc: Abdelrahman Youssef <abdelrahmanyossef12@gmail.com>
Subject: [PATCH v2 2/2] common: buffer access out-of-bounds
Date: Fri, 18 Oct 2024 14:45:56 +0300 [thread overview]
Message-ID: <20241018-errors_fixes-v2-2-7f49d5a0087b@gmail.com> (raw)
In-Reply-To: <20241018-errors_fixes-v2-0-7f49d5a0087b@gmail.com>
From: Abdelrahman Youssef <abdelrahmanyossef12@gmail.com>
in file_detect_type() to detect file of type socfpga_xload you need at least
68 bytes bytes, so we need to check if we have enough bufsize.
So I moved it after checking if `bufsize >= 256`.
Signed-off-by: Abdelrahman Youssef <abdelrahmanyossef12@gmail.com>
---
common/filetype.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/common/filetype.c b/common/filetype.c
index 3690d4ae07..3f74871d7f 100644
--- a/common/filetype.c
+++ b/common/filetype.c
@@ -374,9 +374,6 @@ enum filetype file_detect_type(const void *_buf, size_t bufsize)
if (le32_to_cpu(buf[5]) == 0x504d5453)
return filetype_mxs_bootstream;
- if (buf[16] == 0x31305341)
- return filetype_socfpga_xload;
-
if (is_barebox_arm_head(_buf))
return filetype_arm_barebox;
if (buf[9] == 0x016f2818 || buf[9] == 0x18286f01)
@@ -388,7 +385,10 @@ enum filetype file_detect_type(const void *_buf, size_t bufsize)
if (bufsize < 256)
return filetype_unknown;
- if (strncmp(buf8, "STM\x32", 4) == 0) {
+ if (buf[16] == 0x31305341)
+ return filetype_socfpga_xload;
+
+ if (strncmp(buf8, "STM\x32", 4) == 0) {
if (buf8[74] == 0x01) {
switch(le32_to_cpu(buf[63])) {
case 0x00000000:
--
2.43.0
next prev parent reply other threads:[~2024-10-18 11:47 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-18 11:45 [PATCH v2 0/2] " Abdelrahman Youssef via B4 Relay
2024-10-18 11:45 ` [PATCH v2 1/2] include: Include <linux/math.h> to resolve implicit declaration of do_div() Abdelrahman Youssef via B4 Relay
2024-10-18 12:03 ` Ahmad Fatoum
2024-10-18 11:45 ` Abdelrahman Youssef via B4 Relay [this message]
2024-10-18 12:06 ` [PATCH v2 2/2] common: buffer access out-of-bounds Ahmad Fatoum
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241018-errors_fixes-v2-2-7f49d5a0087b@gmail.com \
--to=devnull+abdelrahmanyossef12.gmail.com@kernel.org \
--cc=abdelrahmanyossef12@gmail.com \
--cc=barebox@lists.infradead.org \
--cc=s.hauer@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox