On Thu Aug 28, 2025 at 6:50 AM JST, John Hubbard wrote:
> On 8/27/25 1:47 AM, Alexandre Courbot wrote:
>> On Wed Aug 27, 2025 at 10:34 AM JST, John Hubbard wrote:
>> <snip>
>>>> + /// Returns the data payload of the firmware, or `None` if the data >>>> range is out of bounds of >>>> + /// the firmware image. >>>> + fn data(&self) -> Option<&[u8]> { >>>> + let fw_start = self.hdr.data_offset as usize; >>>> + let fw_size = self.hdr.data_size as usize; >>>> + >>>> + self.fw.get(fw_start..fw_start + fw_size)
>>>
>>> This worries me a bit, because we never checked that these bounds
>>> are reasonable: within the range of the firmware, and not overflowing
>>> (.checked_add() for example), that sort of thing.
>>>
>>> Thoughts?
>>
>> `get` returns `None` if the requested slice is out of bounds, so there
>> should be no risk of panicking here.
>
> I was wondering about the bounds themselves, though. Couldn't they
> be wrong? (Do we care?)

Not sure what you mean by wrong bounds here? Do you mean what if the header data is incorrect?
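
Review bot: The sum in `self.fw.get(fw_start..fw_start + fw_size)` is computed before `get` runs, so the slice bounds check does not cover it. Both operands come straight from header fields via `as usize`, and if their sum exceeds `usize::MAX` the addition panics when overflow checks are enabled instead of producing the `None` that the doc comment promises. Computing the end with `fw_start.checked_add(fw_size)?` and passing `fw_start..end` to `get` would make the documented behaviour hold for any header values. The doc comment could then also state that an overflowing offset/size pair yields `None`.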