[Crosstoolchain-logs] [device-tree-compiler] 55/57: fdtoverlay: Sanity check blob size

[Vagrant Cascadian]

This is an automated email from the git hooks/post-receive script.

vagrant pushed a commit to branch upstream/latest
in repository device-tree-compiler.

commit b6a6f9490d19317200f2b23a5934ed32797734b8
Author: David Gibson <david at gibson.dropbear.id.au>
Date:   Wed Sep 27 19:44:50 2017 +1000

    fdtoverlay: Sanity check blob size
    
    The fdtoverlay utility reads in the base fdt blob, then expands it to make
    room for all the overlays requested.  However, it uses the totalsize field
    of the base blob without verifying that it actually read all of it in (it's
    possible the blob file could have been truncated).
    
    Signed-off-by: David Gibson <david at gibson.dropbear.id.au>
---
 fdtoverlay.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/fdtoverlay.c b/fdtoverlay.c
index 9c5618c..7f124fc 100644
--- a/fdtoverlay.c
+++ b/fdtoverlay.c
@@ -27,6 +27,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <alloca.h>
+#include <inttypes.h>
 
 #include <libfdt.h>
 
@@ -69,6 +70,12 @@ static int do_fdtoverlay(const char *input_filename,
 				input_filename);
 		goto out_err;
 	}
+	if (fdt_totalsize(blob) > blob_len) {
+		fprintf(stderr,
+ "\nBase blob is incomplete (%lu / %" PRIu32 " bytes read)\n",
+			(unsigned long)blob_len, fdt_totalsize(blob));
+		goto out_err;
+	}
 	ret = 0;
 
 	/* allocate blob pointer array */

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/crosstoolchain/device-tree-compiler.git