| field | value | date |
|---|---|---|
| author | Evan Benn <evanbenn@chromium.org> | 2023-01-18 14:17:58 +1100 |
| committer | Chromeos LUCI <chromeos-scoped@luci-project-accounts.iam.gserviceaccount.com> | 2023-01-27 10:13:51 +0000 |
| commit | 0b426134a5c36866738a1a344670481d088ef6ee (patch) | |
| tree | b59b026e468431064ec4709495e5e2c09911e229 | |
| parent | 9fff950d802f36f2b934f6d496424fd2154b6230 (diff) | |
| download | vboot-0b426134a5c36866738a1a344670481d088ef6ee.tar.gz | |
host: flashrom_drv: Read fmap layout from flash only
flashrom_read_region was attempting to read the fmap from the provided
destination buffer before falling back to the rom with a warning. Then
it would leak the buffer anyway using calloc. This was undocumented
behaviour.
There is only one callsite of this function (futility
manifest_detect_model_from_frid) and it does not use this feature: it
initialises a zeroed firmware_image.
BUG=b:265861606
BRANCH=None
TEST=futility update -a /usr/sbin/chromeos-firmwareupdate --detect-model-only # grunt
Change-Id: I90b4be9b1b22b19c84252425e770e30e4def3a7c
Signed-off-by: Evan Benn <evanbenn@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/4170145
Tested-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Julius Werner <jwerner@chromium.org>
Reviewed-by: Edward O'Callaghan <quasisec@chromium.org>
Reviewed-by: Sam McNally <sammc@chromium.org>
-rw-r--r-- | host/lib/flashrom_drv.c | 17 |
1 files changed, 5 insertions, 12 deletions
diff --git a/host/lib/flashrom_drv.c b/host/lib/flashrom_drv.c index a9889cc9..880a0fc9 100644 --- a/host/lib/flashrom_drv.c +++ b/host/lib/flashrom_drv.c @@ -80,19 +80,12 @@ static int flashrom_read_image_impl(struct firmware_image *image, flashrom_flag_set(flashctx, FLASHROM_FLAG_SKIP_UNREADABLE_REGIONS, true); if (region) { - r = flashrom_layout_read_fmap_from_buffer( - &layout, flashctx, (const uint8_t *)image->data, - image->size); + r = flashrom_layout_read_fmap_from_rom( + &layout, flashctx, 0, len); if (r > 0) { - WARN("could not read fmap from image, r=%d, " - "falling back to read from rom\n", r); - r = flashrom_layout_read_fmap_from_rom( - &layout, flashctx, 0, len); - if (r > 0) { - ERROR("could not read fmap from rom, r=%d\n", r); - r = -1; - goto err_cleanup; - } + ERROR("could not read fmap from rom, r=%d\n", r); + r = -1; + goto err_cleanup; } // empty region causes seg fault in API. r |= flashrom_layout_include_region(layout, region); |
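Review bot: the error check after the new `flashrom_layout_read_fmap_from_rom(&layout, flashctx, 0, len)` call is still `if (r > 0)`, so a negative return would pass as success and then be OR'd into the result by the following `r |= flashrom_layout_include_region(layout, region);` line; if libflashrom signals failure only with positive codes this is fine, otherwise `if (r)` is the safer test, and either way a one-line comment naming the return convention relied on would help the next reader. Separately, the commit message says the old path "would leak the buffer anyway using calloc", but nothing in this hunk touches an allocation, so the message should say whether dropping the `flashrom_layout_read_fmap_from_buffer` path removes that leak or whether it remains elsewhere in flashrom_read_image_impl.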