[Qemu-devel] [PATCH] device_tree: check device tree blob file size

P J P Fri, 22 Mar 2019 00:52:24 -0700

From: Prasad J Pandit <p...@fedoraproject.org>

Device tree blob(dtb) file can not be larger than 2MB in size.[*]
Add check to avoid loading large dtb files in load_device_tree(),
and potential integer(dt_size) overflow.


[*] linux.git/tree/Documentation/arm64/booting.txt

Reported-by: Kurtis Miller <kurtis.mil...@nccgroup.com>
Signed-off-by: Prasad J Pandit <p...@fedoraproject.org>
---
 device_tree.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/device_tree.c b/device_tree.c
index 296278e12a..9059ee5545 100644
--- a/device_tree.c
+++ b/device_tree.c
@@ -79,9 +79,9 @@ void *load_device_tree(const char *filename_path, int *sizep)
 
     *sizep = 0;
     dt_size = get_image_size(filename_path);
-    if (dt_size < 0) {
-        error_report("Unable to get size of device tree file '%s'",
-                     filename_path);
+    if (dt_size < 0 || dt_size > FDT_MAX_SIZE) {
+        error_report("Invalid size of device tree file: %s: %d",
+                     filename_path, dt_size);
         goto fail;
     }
 
-- 
2.20.1

[Qemu-devel] [PATCH] device_tree: check device tree blob file size

Reply via email to