diff options
author | Bill Richardson <wfrichar@chromium.org> | 2014-07-09 23:31:13 -0700 |
---|---|---|
committer | chrome-internal-fetch <chrome-internal-fetch@google.com> | 2014-07-17 06:50:28 +0000 |
commit | d462101f06e1bf817295a6cdd2b82e7e87eaeef3 (patch) | |
tree | 672fe68090528ddae0a2d9e1eb07f7d0378f0cb2 /futility/cmd_dump_fmap.c | |
parent | bc2d2b21d97d35f69dc083ad44fb08419fe32a08 (diff) | |
download | vboot-d462101f06e1bf817295a6cdd2b82e7e87eaeef3.tar.gz |
Avoid coredumps if the FMAP is wrong.
If the FMAP points beyond the boundaries of the image, don't believe it.
BUG=chromium:224734
BRANCH=ToT
TEST=make runtests
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Change-Id: Ic35ce71ceac9beb7eb56b50baec938a8e085606c
Reviewed-on: https://chromium-review.googlesource.com/207740
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Diffstat (limited to 'futility/cmd_dump_fmap.c')
-rw-r--r-- | futility/cmd_dump_fmap.c | 28 |
1 files changed, 17 insertions, 11 deletions
diff --git a/futility/cmd_dump_fmap.c b/futility/cmd_dump_fmap.c index fbd96209..bf9e7afd 100644 --- a/futility/cmd_dump_fmap.c +++ b/futility/cmd_dump_fmap.c @@ -26,6 +26,7 @@ static int opt_format = FMT_NORMAL; static int opt_overlap = 0; static char *progname; static void *base_of_rom; +static size_t size_of_rom; static int opt_gaps = 0; @@ -90,18 +91,22 @@ static int dump_fmap(const void *ptr, int argc, char *argv[]) fprintf(stderr, "%s: can't open %s: %s\n", progname, buf, strerror(errno)); retval = 1; + } else if (!ah->area_size) { + fprintf(stderr, "%s: section %s has zero size\n", progname, buf); + } else if (ah->area_offset + ah->area_size > size_of_rom) { + fprintf(stderr, "%s: section %s is larger than the image\n", + progname, buf); + retval = 1; + } else if (1 != fwrite(base_of_rom + ah->area_offset, + ah->area_size, 1, fp)) { + fprintf(stderr, "%s: can't write %s: %s\n", + progname, buf, strerror(errno)); + retval = 1; } else { - if (ah->area_size && - 1 != fwrite(base_of_rom + ah->area_offset, ah->area_size, 1, fp)) { - fprintf(stderr, "%s: can't write %s: %s\n", - progname, buf, strerror(errno)); - retval = 1; - } else { - if (FMT_NORMAL == opt_format) - printf("saved as \"%s\"\n", buf); - } - fclose(fp); + if (FMT_NORMAL == opt_format) + printf("saved as \"%s\"\n", buf); } + fclose(fp); } } @@ -444,8 +449,9 @@ static int do_dump_fmap(int argc, char *argv[]) return 1; } close(fd); /* done with this now */ + size_of_rom = sb.st_size; - fmap = FmapFind((char*) base_of_rom, sb.st_size); + fmap = FmapFind((char*) base_of_rom, size_of_rom); if (fmap) { switch (opt_format) { case FMT_HUMAN: |