From d462101f06e1bf817295a6cdd2b82e7e87eaeef3 Mon Sep 17 00:00:00 2001 From: Bill Richardson Date: Wed, 9 Jul 2014 23:31:13 -0700 Subject: Avoid coredumps if the FMAP is wrong. If the FMAP points beyond the boundaries of the image, don't believe it. BUG=chromium:224734 BRANCH=ToT TEST=make runtests Signed-off-by: Bill Richardson Change-Id: Ic35ce71ceac9beb7eb56b50baec938a8e085606c Reviewed-on: https://chromium-review.googlesource.com/207740 Reviewed-by: Randall Spangler --- Makefile | 2 +- futility/cmd_dump_fmap.c | 28 +++++++++++++++++----------- 2 files changed, 18 insertions(+), 12 deletions(-) diff --git a/Makefile b/Makefile index 60dd8496..18dc871b 100644 --- a/Makefile +++ b/Makefile @@ -140,7 +140,7 @@ CFLAGS ?= ${COMMON_FLAGS} \ else # FIRMWARE_ARCH not defined; assuming local compile. CC ?= gcc -CFLAGS += -DCHROMEOS_ENVIRONMENT -Wall -Werror # HEY: always want last two? +CFLAGS += -DCHROMEOS_ENVIRONMENT -Wall -Werror ${DEBUG_FLAGS} endif ifneq (${OLDDIR},) diff --git a/futility/cmd_dump_fmap.c b/futility/cmd_dump_fmap.c index fbd96209..bf9e7afd 100644 --- a/futility/cmd_dump_fmap.c +++ b/futility/cmd_dump_fmap.c @@ -26,6 +26,7 @@ static int opt_format = FMT_NORMAL; static int opt_overlap = 0; static char *progname; static void *base_of_rom; +static size_t size_of_rom; static int opt_gaps = 0; 
@@ -90,18 +91,22 @@ static int dump_fmap(const void *ptr, int argc, char *argv[]) fprintf(stderr, "%s: can't open %s: %s\n", progname, buf, strerror(errno)); retval = 1; + } else if (!ah->area_size) { + fprintf(stderr, "%s: section %s has zero size\n", progname, buf); + } else if (ah->area_offset + ah->area_size > size_of_rom) { + fprintf(stderr, "%s: section %s is larger than the image\n", + progname, buf); + retval = 1; + } else if (1 != fwrite(base_of_rom + ah->area_offset, + ah->area_size, 1, fp)) { + fprintf(stderr, "%s: can't write %s: %s\n", + progname, buf, strerror(errno)); + retval = 1; } else { - if (ah->area_size && - 1 != fwrite(base_of_rom + ah->area_offset, ah->area_size, 1, fp)) { - fprintf(stderr, "%s: can't write %s: %s\n", - progname, buf, strerror(errno)); - retval = 1; - } else { - if (FMT_NORMAL == opt_format) - printf("saved as \"%s\"\n", buf); - } - fclose(fp); + if (FMT_NORMAL == opt_format) + printf("saved as \"%s\"\n", buf); } + fclose(fp); } } @@ -444,8 +449,9 @@ static int do_dump_fmap(int argc, char *argv[]) return 1; } close(fd); /* done with this now */ + size_of_rom = sb.st_size; - fmap = FmapFind((char*) base_of_rom, sb.st_size); + fmap = FmapFind((char*) base_of_rom, size_of_rom); if (fmap) { switch (opt_format) { case FMT_HUMAN: -- cgit v1.2.1
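Review bot: The new bounds check `ah->area_offset + ah->area_size > size_of_rom` can wrap before the comparison. If both fields are 32-bit unsigned, as FMAP area headers normally are (their declaration is outside this hunk), a large offset plus a size that overflows gives a small sum, so the check passes and `fwrite` still reads from `base_of_rom + ah->area_offset` outside the image. Compare without adding, e.g. `} else if (ah->area_offset > size_of_rom || ah->area_size > size_of_rom - ah->area_offset) {`. Separately, `fclose(fp)` now sits after the whole if/else chain, so it also runs on the "can't open" branch, where `fp` is presumably NULL (the `fopen` test is above the hunk); `fclose(NULL)` is undefined behaviour and typically crashes, so guard it with `if (fp) fclose(fp);`. The zero-size branch also prints an error without setting `retval = 1`; if that is intentional, a one-line comment saying so would help.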