Author: stepan Date: 2009-09-22 17:55:01 +0200 (Tue, 22 Sep 2009) New Revision: 4653
Modified: trunk/coreboot-v2/util/cbfstool/common.c trunk/coreboot-v2/util/cbfstool/common.h Log: * guard all mallocs in cbfstool * fix an issue that could lead to cbfstool writing outside of its allocated memory
Signed-off-by: Stefan Reinauer stepan@coresystems.de Acked-by: Peter Stuge peter@stuge.se
Modified: trunk/coreboot-v2/util/cbfstool/common.c
===================================================================
--- trunk/coreboot-v2/util/cbfstool/common.c 2009-09-22 15:53:54 UTC (rev 4652)
+++ trunk/coreboot-v2/util/cbfstool/common.c 2009-09-22 15:55:01 UTC (rev 4653)
@@ -36,10 +36,16 @@
 fseek(file, 0, SEEK_END);
 *romsize_p = ftell(file);
 fseek(file, 0, SEEK_SET);
- if (!content)
+ if (!content) {
 content = malloc(*romsize_p);
- else if (place == SEEK_END)
+ if (!content) {
+ printf("Could not get %d bytes for file %s\n",
+ *romsize_p, filename);
+ exit(1);
+ }
+ } else if (place == SEEK_END)
 content -= *romsize_p;
+
 if (!fread(content, *romsize_p, 1, file)) {
 printf("failed to read %s\n", filename);
 return NULL;
@@ -255,6 +261,11 @@
 *location -= headersize;
 }
 void *newdata = malloc(*datasize + headersize);
+ if (!newdata) {
+ printf("Could not get %d bytes for CBFS file.\n", *datasize +
+ headersize);
+ exit(1);
+ }
 struct cbfs_file *nextfile = (struct cbfs_file *)newdata;
 strncpy(nextfile->magic, "LARCHIVE", 8);
 nextfile->len = htonl(*datasize);
@@ -272,9 +283,16 @@
 {
 romsize = _romsize;
 unsigned char *romarea = malloc(romsize);
+ if (!romarea) {
+ printf("Could not get %d bytes of memory for CBFS image.\n",
+ romsize);
+ exit(1);
+ }
 memset(romarea, 0xff, romsize);
- recalculate_rom_geometry(romarea);
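Review bot: The length stored in `*romsize_p` comes straight from `ftell(file)`, and neither it nor the two `fseek` calls are checked, so a failed `ftell` (-1) reaches `malloc` and `fread` as a size; reading it into a local first, `long size = ftell(file);`, and treating `size < 0` like the existing `fread` failure would close that. In the `place == SEEK_END` branch the caller's pointer is moved back by the file size, and no buffer length is visible in this hunk to compare it against, so a file larger than the caller's buffer would make `fread` write before its start. The buffer allocated in the new branch is also not released on the `fread` failure path that returns NULL. The function's signature and end are outside the hunk.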
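Review bot: The added NULL check in the `-255,6` hunk does not cover wrap-around in `*datasize + headersize`: if both are 32-bit unsigned values (their declarations are outside the hunk), a large `*datasize` gives a small allocation that still succeeds, while `nextfile->len` below records the full `*datasize`. A guard before the `malloc`, such as `if (*datasize > UINT32_MAX - headersize) { ... exit(1); }`, would reject that case. The message prints the sum with `%d`; `%u` matches an unsigned argument. The enclosing function starts and ends outside the hunk.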
+ // Set up physical/virtual mapping
+ offset = romarea + romsize - 0x100000000ULL;
+
 if (align == 0)
 align = 64;
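Review bot: The new `offset = romarea + romsize - 0x100000000ULL;` needs a comment stating the invariant it sets up, because the memory-safety fix apparently depends on it running before the `phys_to_virt()`/`virt_to_phys()` calls further down; something like `/* offset maps the top of romarea to physical 4 GiB; must be set before any phys_to_virt()/virt_to_phys() use */`. The expression also forms a pointer far outside the `malloc`ed object, which C leaves undefined; doing the arithmetic in `uintptr_t` and converting once would keep it implementation-defined, assuming the declaration of `offset` (not visible here) allows it. The added error message prints `romsize` with `%d`; `%u` fits if it is unsigned. The function body continues outside the hunk.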
@@ -291,6 +309,9 @@ master_header->offset = htonl(0); ((uint32_t *) phys_to_virt(0xfffffffc))[0] = virt_to_phys(master_header); + + recalculate_rom_geometry(romarea); + struct cbfs_file *one_empty_file = cbfs_create_empty_file((0 - romsize) & 0xffffffff, romsize - bootblocksize -
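Review bot: Nothing visible in this hunk checks that `romsize` is large enough for the writes made here: the store through `phys_to_virt(0xfffffffc)` lands four bytes below the top of `romarea`, and the size passed to `cbfs_create_empty_file` is computed as `romsize - bootblocksize - …`, which wraps if the image is smaller than the bootblock plus headers. If the part of the function outside this hunk has no such check, a guard next to the `malloc`, e.g. `if (romsize < bootblocksize + sizeof(*master_header)) { ... exit(1); }`, would keep these writes inside the allocation. The exact lower bound depends on the terms cut off after `bootblocksize -`.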
Modified: trunk/coreboot-v2/util/cbfstool/common.h
===================================================================
--- trunk/coreboot-v2/util/cbfstool/common.h 2009-09-22 15:53:54 UTC (rev 4652)
+++ trunk/coreboot-v2/util/cbfstool/common.h 2009-09-22 15:55:01 UTC (rev 4653)
@@ -29,7 +29,7 @@
static uint32_t virt_to_phys(void *addr)
 {
- return (long)(addr - offset) & 0xffffffff;
+ return (unsigned long)(addr - offset) & 0xffffffff;
 }
#define ALIGN(val, by) (((val) + (by)-1)&~((by)-1))
@@ -61,3 +61,5 @@
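Review bot: The cast to `unsigned long` in `virt_to_phys` is applied after `addr - offset` has already been evaluated as a pointer difference, so the subtraction itself is unchanged by this line: it is still arithmetic on `void *` (a GNU extension) between pointers that are not in the same object. Converting each operand first, `return (uint32_t)((uintptr_t)addr - (uintptr_t)offset);`, gives defined unsigned wrap-around and makes the mask unnecessary. This assumes `offset` is a pointer, as its assignment in common.c suggests; its declaration is outside the hunk.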
int add_file_to_cbfs(void *content, uint32_t contentsize, uint32_t location);
 void print_cbfs_directory(const char *filename);
+
+#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))