diff options
author | Nikita Ioffe <ioffe@google.com> | 2020-04-30 16:33:19 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2020-04-30 16:33:19 +0000 |
commit | 5a2b0ed1b6e360303642ee05e970373fb86ca253 (patch) | |
tree | af338c6fe470f4ecf8d78cb1d28caf2edbb6bb9a | |
parent | 66992bbe1443053afa73bd3d96d91388428e1e4e (diff) | |
parent | b7fe9c3b204c94975335e38f3296b418c1ba9bb0 (diff) | |
download | avb-5a2b0ed1b6e360303642ee05e970373fb86ca253.tar.gz |
Check that there is enough space for AvbDescriptor am: 66872e8dc9 am: b7fe9c3b20android-11.0.0_r48android-11.0.0_r47android-11.0.0_r46android-11.0.0_r45android-11.0.0_r44android-11.0.0_r43android-11.0.0_r42android-11.0.0_r41android-11.0.0_r40android-11.0.0_r39android-11.0.0_r38android-11.0.0_r37android-11.0.0_r36android-11.0.0_r35android-11.0.0_r34android-11.0.0_r33android-11.0.0_r32android-11.0.0_r31android-11.0.0_r30android-11.0.0_r29android-11.0.0_r28android-11.0.0_r27android-11.0.0_r26android-11.0.0_r24android-11.0.0_r23android-11.0.0_r22android-11.0.0_r21android-11.0.0_r20android-11.0.0_r19android-11.0.0_r18android11-qpr3-s1-releaseandroid11-qpr3-releaseandroid11-qpr2-releaseandroid11-qpr1-s2-releaseandroid11-qpr1-s1-releaseandroid11-qpr1-releaseandroid11-qpr1-d-s1-releaseandroid11-qpr1-d-releaseandroid11-qpr1-c-releaseandroid11-d2-release
Change-Id: I1026408b77b9925fd94f1d785b3dc8ed121046ae
-rw-r--r-- | libavb/avb_descriptor.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/libavb/avb_descriptor.c b/libavb/avb_descriptor.c index cfc2aac..7030a40 100644 --- a/libavb/avb_descriptor.c +++ b/libavb/avb_descriptor.c @@ -88,6 +88,10 @@ bool avb_descriptor_foreach(const uint8_t* image_data, } for (p = desc_start; p < desc_end;) { + if (p + sizeof(AvbDescriptor) > desc_end) { + avb_error("Invalid descriptor length.\n"); + goto out; + } const AvbDescriptor* dh = (const AvbDescriptor*)p; avb_assert_aligned(dh); uint64_t nb_following = avb_be64toh(dh->num_bytes_following); |