mail archive of the barebox mailing list
 help / color / mirror / Atom feed
* [PATCH v5] common: buffer access out-of-bounds
@ 2024-10-18 17:13 Abdelrahman Youssef via B4 Relay
  2024-10-21  5:48 ` Sascha Hauer
  0 siblings, 1 reply; 2+ messages in thread
From: Abdelrahman Youssef via B4 Relay @ 2024-10-18 17:13 UTC (permalink / raw)
  To: Sascha Hauer, BAREBOX; +Cc: Abdelrahman Youssef

From: Abdelrahman Youssef <abdelrahmanyossef12@gmail.com>

in file_detect_type() to detect file of type socfpga_xload you need at least
68 bytes bytes, so we need to check if we have enough bufsize.
So I moved it after checking if `bufsize >= 256`.

Signed-off-by: Abdelrahman Youssef <abdelrahmanyossef12@gmail.com>
---
This patch is a replacement of the last one because there were some issues with it
---
To: Sascha Hauer <s.hauer@pengutronix.de>
To: open list:BAREBOX <barebox@lists.infradead.org>
Signed-off-by: Abdelrahman Youssef <abdelrahmanyossef12@gmail.com>
---
Changes in v5:
Removed leading spaces that misaliged the code in v3
---
 common/filetype.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/common/filetype.c b/common/filetype.c
index 3690d4ae07..67ae4916d1 100644
--- a/common/filetype.c
+++ b/common/filetype.c
@@ -374,9 +374,6 @@ enum filetype file_detect_type(const void *_buf, size_t bufsize)
 	if (le32_to_cpu(buf[5]) == 0x504d5453)
 		return filetype_mxs_bootstream;
 
-	if (buf[16] == 0x31305341)
-		return filetype_socfpga_xload;
-
 	if (is_barebox_arm_head(_buf))
 		return filetype_arm_barebox;
 	if (buf[9] == 0x016f2818 || buf[9] == 0x18286f01)
@@ -388,6 +385,9 @@ enum filetype file_detect_type(const void *_buf, size_t bufsize)
 	if (bufsize < 256)
 		return filetype_unknown;
 
+	if (buf[16] == 0x31305341)
+		return filetype_socfpga_xload;
+
 	if (strncmp(buf8, "STM\x32", 4) == 0) {
 		if (buf8[74] == 0x01) {
 			switch(le32_to_cpu(buf[63])) {

---
base-commit: 9d47ff66c3892c5a6ddd4704993365a797fbeb68
change-id: 20241018-overflow-dc42def7e4f6

Best regards,
-- 
Abdelrahman Youssef <abdelrahmanyossef12@gmail.com>





^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [PATCH v5] common: buffer access out-of-bounds
  2024-10-18 17:13 [PATCH v5] common: buffer access out-of-bounds Abdelrahman Youssef via B4 Relay
@ 2024-10-21  5:48 ` Sascha Hauer
  0 siblings, 0 replies; 2+ messages in thread
From: Sascha Hauer @ 2024-10-21  5:48 UTC (permalink / raw)
  To: BAREBOX, Abdelrahman Youssef via B4 Relay; +Cc: Abdelrahman Youssef


On Fri, 18 Oct 2024 20:13:31 +0300, Abdelrahman Youssef via B4 Relay wrote:
> in file_detect_type() to detect file of type socfpga_xload you need at least
> 68 bytes bytes, so we need to check if we have enough bufsize.
> So I moved it after checking if `bufsize >= 256`.
> 
> 

Applied, thanks!

[1/1] common: buffer access out-of-bounds
      https://git.pengutronix.de/cgit/barebox/commit/?id=dda64a15ea02 (link may not be stable)

Best regards,
-- 
Sascha Hauer <s.hauer@pengutronix.de>




^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2024-10-21  5:49 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-10-18 17:13 [PATCH v5] common: buffer access out-of-bounds Abdelrahman Youssef via B4 Relay
2024-10-21  5:48 ` Sascha Hauer

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox