cbfs: Check offset range when reading a file

Add a check that the offset is within the allowed range. Signed-off-by: N Simon Glass <sjg@chromium.org> Reported-by: Coverity (CID: 331155)

cbfs: Check offset range when reading a file
Add a check that the offset is within the allowed range. Signed-off-by: N Simon Glass <sjg@chromium.org> Reported-by: Coverity (CID: 331155)
99eaf1fc · Simon Glass · Tom Rini · 15dd815c · 99eaf1fc
隐藏空白更改
内联并排

Showing with 2 addition and 0 deletion

fs/cbfs/cbfs.c fs/cbfs/cbfs.c +2 -0

未找到文件。
--- a/fs/cbfs/cbfs.c
+++ b/fs/cbfs/cbfs.c
@@ -167,6 +167,8 @@ static int file_cbfs_next_file(struct cbfs_priv *priv, void *start, int size,
 		}

 		swap_file_header(&header, file_header);
+		if (header.offset >= size)
+			return log_msg_ret("range", -E2BIG);
 		ret = fill_node(node, start, &header);
 		if (ret) {
 			priv->result = CBFS_BAD_FILE;