GNUBoot
/
coreboot-kgpe-d16
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

* guard all mallocs in cbfstool 

* fix an issue that could lead to cbfstool writing outside of its allocated
  memory 

Signed-off-by: Stefan Reinauer <stepan@coresystems.de>
Acked-by: Peter Stuge <peter@stuge.se>



git-svn-id: svn://svn.coreboot.org/coreboot/trunk@4653 2b7e53f0-3cfb-0310-b3e9-8179ed1497e1
This commit is contained in:
Stefan Reinauer 2009-09-22 15:55:01 +00:00 committed by Stefan Reinauer
parent 0e0655e6ef
commit 853270af39
2 changed files with 27 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
util/cbfstool/common.c
View File

@ -36,10 +36,16 @@ void *loadfile(const char *filename, uint32_t * romsize_p, void *content,
fseek(file, 0, SEEK_END); fseek(file, 0, SEEK_END);
*romsize_p = ftell(file); *romsize_p = ftell(file);
fseek(file, 0, SEEK_SET); fseek(file, 0, SEEK_SET);
if (!content) if (!content) {
content = malloc(*romsize_p); content = malloc(*romsize_p);
else if (place == SEEK_END) if (!content) {
printf("Could not get %d bytes for file %s\n",
*romsize_p, filename);
exit(1);
}
} else if (place == SEEK_END)
content -= *romsize_p; content -= *romsize_p;
if (!fread(content, *romsize_p, 1, file)) { if (!fread(content, *romsize_p, 1, file)) {
printf("failed to read %s\n", filename); printf("failed to read %s\n", filename);
return NULL; return NULL;
@ -255,6 +261,11 @@ void *create_cbfs_file(const char *filename, void *data, uint32_t * datasize,
*location -= headersize; *location -= headersize;
} }
void *newdata = malloc(*datasize + headersize); void *newdata = malloc(*datasize + headersize);
if (!newdata) {
printf("Could not get %d bytes for CBFS file.\n", *datasize +
headersize);
exit(1);
}
struct cbfs_file *nextfile = (struct cbfs_file *)newdata; struct cbfs_file *nextfile = (struct cbfs_file *)newdata;
strncpy(nextfile->magic, "LARCHIVE", 8); strncpy(nextfile->magic, "LARCHIVE", 8);
nextfile->len = htonl(*datasize); nextfile->len = htonl(*datasize);
@ -272,8 +283,15 @@ int create_cbfs_image(const char *romfile, uint32_t _romsize,
{ {
romsize = _romsize; romsize = _romsize;
unsigned char *romarea = malloc(romsize); unsigned char *romarea = malloc(romsize);
if (!romarea) {
printf("Could not get %d bytes of memory for CBFS image.\n",
romsize);
exit(1);
}
memset(romarea, 0xff, romsize); memset(romarea, 0xff, romsize);
recalculate_rom_geometry(romarea);
// Set up physical/virtual mapping
offset = romarea + romsize - 0x100000000ULL;
if (align == 0) if (align == 0)
align = 64; align = 64;
@ -291,6 +309,9 @@ int create_cbfs_image(const char *romfile, uint32_t _romsize,
master_header->offset = htonl(0); master_header->offset = htonl(0);
((uint32_t *) phys_to_virt(0xfffffffc))[0] = ((uint32_t *) phys_to_virt(0xfffffffc))[0] =
virt_to_phys(master_header); virt_to_phys(master_header);
recalculate_rom_geometry(romarea);
struct cbfs_file *one_empty_file = struct cbfs_file *one_empty_file =
cbfs_create_empty_file((0 - romsize) & 0xffffffff, cbfs_create_empty_file((0 - romsize) & 0xffffffff,
romsize - bootblocksize - romsize - bootblocksize -

4
util/cbfstool/common.h
View File

@ -29,7 +29,7 @@ static void *phys_to_virt(uint32_t addr)
static uint32_t virt_to_phys(void *addr) static uint32_t virt_to_phys(void *addr)
{ {
return (long)(addr - offset) & 0xffffffff; return (unsigned long)(addr - offset) & 0xffffffff;
} }
#define ALIGN(val, by) (((val) + (by)-1)&~((by)-1)) #define ALIGN(val, by) (((val) + (by)-1)&~((by)-1))
@ -61,3 +61,5 @@ int create_cbfs_image(const char *romfile, uint32_t romsize,
int add_file_to_cbfs(void *content, uint32_t contentsize, uint32_t location); int add_file_to_cbfs(void *content, uint32_t contentsize, uint32_t location);
void print_cbfs_directory(const char *filename); void print_cbfs_directory(const char *filename);
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))