From: Simon Glass Date: Fri, 14 May 2021 01:39:27 +0000 (-0600) Subject: cbfs: Check offset range when reading a file X-Git-Tag: v2021.10~101^2~10 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=99eaf1fcaa260dceea25ed25830498abf70f0728;p=platform%2Fkernel%2Fu-boot.git cbfs: Check offset range when reading a file Add a check that the offset is within the allowed range. Signed-off-by: Simon Glass Reported-by: Coverity (CID: 331155) --- diff --git a/fs/cbfs/cbfs.c b/fs/cbfs/cbfs.c index 415ea28b87..3e905c74e5 100644 --- a/fs/cbfs/cbfs.c +++ b/fs/cbfs/cbfs.c @@ -167,6 +167,8 @@ static int file_cbfs_next_file(struct cbfs_priv *priv, void *start, int size, } swap_file_header(&header, file_header); + if (header.offset >= size) + return log_msg_ret("range", -E2BIG); ret = fill_node(node, start, &header); if (ret) { priv->result = CBFS_BAD_FILE;