cbfs: Check offset range when reading a file

Add a check that the offset is within the allowed range.

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Coverity (CID: 331155)

diff --git a/fs/cbfs/cbfs.c b/fs/cbfs/cbfs.c
index 415ea28b871d36f95cecf7ee1b3ba46cbb36a39e..3e905c74e58a6404fd9bfb5c518c838604e60764 100644 (file)
--- a/fs/cbfs/cbfs.c
+++ b/fs/cbfs/cbfs.c
@@ -167,6 +167,8 @@ static int file_cbfs_next_file(struct cbfs_priv *priv, void *start, int size,
                }
 
                swap_file_header(&header, file_header);
+               if (header.offset >= size)
+                       return log_msg_ret("range", -E2BIG);
                ret = fill_node(node, start, &header);
                if (ret) {
                        priv->result = CBFS_BAD_FILE;