Stefan Reinauer ([email protected]) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/1754
-gerrit commit dbeacc647f52a47164d4fd1589e892220910476c Author: Stefan Reinauer <[email protected]> Date: Tue Sep 25 13:30:48 2012 -0700 Fix Segmentation Fault in ifdtool If a section is bigger than the FD file it is injected into, and the FD lies about the size of the FD file, ifdtool would crash because reading in the section writes beyound the FD file in memory. Change-Id: Idcfac2b1e2b5907fad34799e44a8abfd89190fcc Signed-off-by: Stefan Reinauer <[email protected]> --- util/ifdtool/ifdtool.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/util/ifdtool/ifdtool.c b/util/ifdtool/ifdtool.c index 1b418d1..1a8bf85 100644 --- a/util/ifdtool/ifdtool.c +++ b/util/ifdtool/ifdtool.c @@ -397,6 +397,12 @@ void inject_region(char *filename, char *image, int size, int region_type, memset(image + region.base, 0xff, offset); } + if (size < region.base + offset + region_size) { + fprintf(stderr, "Output file is too small. (%d < %d)\n", + size, region.base + offset + region_size); + exit(EXIT_FAILURE); + } + if (read(region_fd, image + region.base + offset, region_size) != region_size) { perror("Could not read file"); -- coreboot mailing list: [email protected] http://www.coreboot.org/mailman/listinfo/coreboot
