diff options
| author | Mike McTernan <mikemcternan@google.com> | 2023-01-03 23:14:54 +0000 |
|---|---|---|
| committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2023-01-03 23:14:54 +0000 |
| commit | 567c946742607e0b82607ea929781e8f6a52379a (patch) | |
| tree | b291086daee434c1eb73526049137703c4bc449e | |
| parent | 1a9d8554429f172ec76b808c21771f40f901f47f (diff) | |
| parent | 393b236d1070e080025fbca1692446368290d91f (diff) | |
| download | libufdt-567c946742607e0b82607ea929781e8f6a52379a.tar.gz | |
Merge "libufdt: extract_dtb: Check tree is valid before extraction." into tm-qpr-dev am: 393b236d10
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/libufdt/+/20805155
Change-Id: I3f82cb046f7d7a5195e6324d89a6c92bd20903be
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
| -rw-r--r-- | tests/src/extract_dtb.c | 53 |
1 files changed, 33 insertions, 20 deletions
diff --git a/tests/src/extract_dtb.c b/tests/src/extract_dtb.c index 8d74324..30cd1b1 100644 --- a/tests/src/extract_dtb.c +++ b/tests/src/extract_dtb.c @@ -22,8 +22,7 @@ #include "util.h" - -int find_dtb_header_pos(const char *buf, size_t buf_size) { +static int find_dtb_header_pos(const char *buf, size_t buf_size) { if (buf == NULL || buf_size == 0) { return -1; } @@ -44,34 +43,44 @@ int find_dtb_header_pos(const char *buf, size_t buf_size) { return pos; } -int find_and_write_dtb(const char *filename, - const char *buf, size_t buf_size) { +static int find_and_write_dtb(const char *filename, const char *buf, + size_t buf_size) { int tag_pos = find_dtb_header_pos(buf, buf_size); if (tag_pos < 0) { - goto end; + return -1; } + buf_size -= tag_pos; + + // Allocate and copy into new buffer to fix memory alignment + char *fdt_ptr = malloc(buf_size); + if (!fdt_ptr) { + fprintf(stderr, "malloc(%u) failed.\n", buf_size - tag_pos); + goto error; + } + + memcpy(fdt_ptr, buf + tag_pos, buf_size); + // Check FDT header - const char *fdt_ptr = buf + tag_pos; - if (fdt_check_header(fdt_ptr) != 0) { - fprintf(stderr, "Bad DTB header.\n"); - goto end; + if (fdt_check_full(fdt_ptr, buf_size) != 0) { + fprintf(stderr, "Bad DTB.\n"); + goto error; } // Check FDT size and actual size size_t fdt_size = fdt_totalsize(fdt_ptr); - size_t fdt_actual_size = buf_size - tag_pos; - int fdt_size_diff = (int)fdt_actual_size - (int)fdt_size; - if (fdt_size_diff) { - fprintf(stderr, "Wrong size: actual size = %d FDT size = %d(%d)\n", - fdt_actual_size, fdt_size, fdt_size_diff); + if (buf_size < fdt_size) { + fprintf(stderr, + "Wrong size: fdt truncated: buffer size = %zu < FDT size = %zu\n", + buf_size, fdt_size); + goto error; } // Print the DT basic information int root_node_off = fdt_path_offset(fdt_ptr, "/"); if (root_node_off < 0) { fprintf(stderr, "Can not get the root node.\n"); - goto end; + goto error; } printf("Output %s\n", filename); const char *model = @@ -84,16 +93,20 @@ int find_and_write_dtb(const char *filename, // Output DTB file if (write_fdt_to_file(filename, fdt_ptr) != 0) { fprintf(stderr, "Write file error: %s\n", filename); - goto end; + goto error; } -end: + free(fdt_ptr); + return tag_pos; + +error: + if (fdt_ptr) free(fdt_ptr); + return -1; } -int extract_dtbs(const char *in_filename, - const char *out_dtb_filename, - const char *out_image_filename) { +static int extract_dtbs(const char *in_filename, const char *out_dtb_filename, + const char *out_image_filename) { int ret = 1; char *buf = NULL; |