    common: image-android-dt: Fix out-of-bounds access · e63bf1b1
    Eugeniu Rosca authored and Tom Rini committed
    Currently, 'dtimg' allows users to check indexes equal to
    dt_entry_count [1]. Forbid that [2].
    
    [1] Behavior w/o the patch:
    
    => ext2load mmc 0:1 0x48000000 dtb.img
    105695 bytes read in 5 ms (20.2 MiB/s)
    
    => dtimg dump 0x48000000
    dt_table_header:
                   magic = d7b7ab1e
              total_size = 105695
             header_size = 32
           dt_entry_size = 32
          dt_entry_count = 2
       dt_entries_offset = 32
               page_size = 4096
                 version = 0
    dt_table_entry[0]:
                 dt_size = 105599
               dt_offset = 96
                      id = 0b779520
                     rev = 00000000
               custom[0] = 00000000
               custom[1] = 00000000
               custom[2] = 00000000
               custom[3] = 00000000
               (FDT)size = 105599
         (FDT)compatible = shimafuji,kingfisher
    dt_table_entry[1]:
                 dt_size = 105599
               dt_offset = 96
                      id = 0b779530
                     rev = 00000000
               custom[0] = 00000000
               custom[1] = 00000000
               custom[2] = 00000000
               custom[3] = 00000000
               (FDT)size = 105599
         (FDT)compatible = shimafuji,kingfisher
    
    => dtimg size 0x48000000 0 z; print z
    z=19c7f
    => dtimg size 0x48000000 1 z; print z
    z=19c7f
    => dtimg size 0x48000000 2 z; print z
    z=d00dfeed
    => dtimg size 0x48000000 3 z
    Error: index > dt_entry_count (3 > 2)
    
    [2] Behavior with the patch:
    
    => dtimg size 0x48000000 0 z; print z
    z=19c7f
    => dtimg size 0x48000000 1 z; print z
    z=19c7f
    => dtimg size 0x48000000 2 z
    Error: index >= dt_entry_count (2 >= 2)
    
    Fixes: c0447334 ("common: Add support for Android DT image")
    Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com>
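The off-by-one described above, reproduced as an added example (not U-Boot's own code): a constructed DT image with dt_entry_count = 2, and a lookup that applies either the pre-patch `>` check or the patched `>=` check. Field offsets follow the dt_table_header layout shown in the dump; the image is stored host-endian for simplicity, whereas the real format is big-endian.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed Android DT image mirroring the dump above: a 32-byte
 * dt_table_header, two 32-byte dt_table_entry records, then the start of
 * the FDT blob (magic 0xd00dfeed) at dt_offset 96. */
static const uint32_t image[] = {
    /* magic, total_size, header_size, dt_entry_size,
       dt_entry_count, dt_entries_offset, page_size, version */
    0xd7b7ab1e, 105695, 32, 32, 2, 32, 4096, 0,
    /* dt_table_entry[0]: dt_size, dt_offset, id, rev, custom[0..3] */
    105599, 96, 0x0b779520, 0, 0, 0, 0, 0,
    /* dt_table_entry[1] */
    105599, 96, 0x0b779530, 0, 0, 0, 0, 0,
    /* FDT blob begins here (byte offset 96) */
    0xd00dfeed, 0, 0, 0, 0, 0, 0, 0,
};

/* Read a 32-bit field at a byte offset without aliasing tricks. */
static uint32_t rd32(const void *img, size_t off)
{
    uint32_t v;
    memcpy(&v, (const char *)img + off, sizeof v);
    return v;
}

/* Return dt_size of entry `index`, or -1 if the index is rejected.
 * strict == 0 applies the pre-patch check (index > dt_entry_count),
 * strict != 0 the patched one (index >= dt_entry_count). */
long long dt_entry_size_at(const void *img, uint32_t index, int strict)
{
    uint32_t entry_size = rd32(img, 12);   /* dt_entry_size     */
    uint32_t count      = rd32(img, 16);   /* dt_entry_count    */
    uint32_t entries    = rd32(img, 20);   /* dt_entries_offset */
    int bad = strict ? index >= count : index > count;

    if (bad)
        return -1;
    /* index == count lands on the first bytes past the entry table, which
     * here is the FDT magic, so the old check hands back 0xd00dfeed. */
    return rd32(img, entries + (size_t)index * entry_size);
}

int main(void)
{
    printf("pre-patch index 2: 0x%llx\n",
           (unsigned long long)dt_entry_size_at(image, 2, 0));
    printf("patched   index 2: %lld\n", dt_entry_size_at(image, 2, 1));
    return 0;
}
```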