authorBill Richardson <wfrichar@chromium.org>2014-07-09 23:31:13 -0700
committerchrome-internal-fetch <chrome-internal-fetch@google.com>2014-07-17 06:50:28 +0000
commitd462101f06e1bf817295a6cdd2b82e7e87eaeef3 (patch)
tree672fe68090528ddae0a2d9e1eb07f7d0378f0cb2
parentbc2d2b21d97d35f69dc083ad44fb08419fe32a08 (diff)
downloadvboot-d462101f06e1bf817295a6cdd2b82e7e87eaeef3.tar.gz
Avoid coredumps if the FMAP is wrong.
If the FMAP points beyond the boundaries of the image, don't believe it. BUG=chromium:224734 BRANCH=ToT TEST=make runtests Signed-off-by: Bill Richardson <wfrichar@chromium.org> Change-Id: Ic35ce71ceac9beb7eb56b50baec938a8e085606c Reviewed-on: https://chromium-review.googlesource.com/207740 Reviewed-by: Randall Spangler <rspangler@chromium.org>
-rw-r--r--Makefile2
-rw-r--r--futility/cmd_dump_fmap.c28
2 files changed, 18 insertions, 12 deletions
diff --git a/Makefile b/Makefile
index 60dd8496..18dc871b 100644
--- a/Makefile
+++ b/Makefile
@@ -140,7 +140,7 @@ CFLAGS ?= ${COMMON_FLAGS} \
else
# FIRMWARE_ARCH not defined; assuming local compile.
CC ?= gcc
-CFLAGS += -DCHROMEOS_ENVIRONMENT -Wall -Werror # HEY: always want last two?
+CFLAGS += -DCHROMEOS_ENVIRONMENT -Wall -Werror ${DEBUG_FLAGS}
endif
ifneq (${OLDDIR},)
diff --git a/futility/cmd_dump_fmap.c b/futility/cmd_dump_fmap.c
index fbd96209..bf9e7afd 100644
--- a/futility/cmd_dump_fmap.c
+++ b/futility/cmd_dump_fmap.c
@@ -26,6 +26,7 @@ static int opt_format = FMT_NORMAL;
static int opt_overlap = 0;
static char *progname;
static void *base_of_rom;
+static size_t size_of_rom;
static int opt_gaps = 0;
@@ -90,18 +91,22 @@ static int dump_fmap(const void *ptr, int argc, char *argv[])
fprintf(stderr, "%s: can't open %s: %s\n",
progname, buf, strerror(errno));
retval = 1;
+ } else if (!ah->area_size) {
+ fprintf(stderr, "%s: section %s has zero size\n", progname, buf);
+ } else if (ah->area_offset + ah->area_size > size_of_rom) {
+ fprintf(stderr, "%s: section %s is larger than the image\n",
+ progname, buf);
+ retval = 1;
+ } else if (1 != fwrite(base_of_rom + ah->area_offset,
+ ah->area_size, 1, fp)) {
+ fprintf(stderr, "%s: can't write %s: %s\n",
+ progname, buf, strerror(errno));
+ retval = 1;
} else {
- if (ah->area_size &&
- 1 != fwrite(base_of_rom + ah->area_offset, ah->area_size, 1, fp)) {
- fprintf(stderr, "%s: can't write %s: %s\n",
- progname, buf, strerror(errno));
- retval = 1;
- } else {
- if (FMT_NORMAL == opt_format)
- printf("saved as \"%s\"\n", buf);
- }
- fclose(fp);
+ if (FMT_NORMAL == opt_format)
+ printf("saved as \"%s\"\n", buf);
}
+ fclose(fp);
}
}
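Review bot: The new bounds check `ah->area_offset + ah->area_size > size_of_rom` can be defeated by wrap-around. If both fields are 32-bit unsigned (their declarations are outside this hunk), the sum is computed in 32 bits before the comparison with the `size_t`, so an FMAP entry with a large offset and size can wrap to a small value and still reach the `fwrite` from `base_of_rom + ah->area_offset`. Comparing without the addition closes that: `} else if (ah->area_offset > size_of_rom || ah->area_size > size_of_rom - ah->area_offset) {`. Separately, `fclose(fp)` now sits below the whole if/else chain, which appears to begin with the failed-open branch just above the hunk, so it would be called with a NULL `fp` on that path; `if (fp) fclose(fp);` avoids this. The zero-size branch also leaves `retval` unchanged and an empty output file behind, which may be intended but deserves a comment.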
@@ -444,8 +449,9 @@ static int do_dump_fmap(int argc, char *argv[])
return 1;
}
close(fd); /* done with this now */
+ size_of_rom = sb.st_size;
- fmap = FmapFind((char*) base_of_rom, sb.st_size);
+ fmap = FmapFind((char*) base_of_rom, size_of_rom);
if (fmap) {
switch (opt_format) {
case FMT_HUMAN: