Merge "app: aboot: add size check when flashing on NAND"
diff --git a/app/aboot/aboot.c b/app/aboot/aboot.c
index 74e17e0..4407631 100644
--- a/app/aboot/aboot.c
+++ b/app/aboot/aboot.c
@@ -3166,6 +3166,7 @@
struct ptentry *ptn;
struct ptable *ptable;
unsigned extra = 0;
+ uint64_t partition_size = 0;
ptable = flash_get_ptable();
if (ptable == NULL) {
@@ -3197,6 +3198,17 @@
else
sz = ROUND_TO_PAGE(sz, page_mask);
+ partition_size = (uint64_t)ptn->length * (uint64_t)flash_num_pages_per_blk() * (uint64_t)flash_page_size();
+ if (partition_size > UINT_MAX) {
+ fastboot_fail("Invalid partition size");
+ return;
+ }
+
+ if (sz > partition_size) {
+ fastboot_fail("Image size too large");
+ return;
+ }
+
dprintf(INFO, "writing %d bytes to '%s'\n", sz, ptn->name);
if (!memcmp((void *)data, UBI_MAGIC, UBI_MAGIC_SIZE)) {
if (flash_ubi_img(ptn, data, sz)) {
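Review bot: The new bound check compares `sz` only after `sz = ROUND_TO_PAGE(sz, page_mask)` on the line above it, so if ROUND_TO_PAGE is the usual `(x + mask) & ~mask` on a 32-bit `sz` (its definition is outside this hunk, so this is inferred), a download size within a page of UINT_MAX wraps to a small value and passes `if (sz > partition_size)` even though the image does not fit. Rejecting before the rounding, e.g. `if (sz > UINT_MAX - page_mask) { fastboot_fail("Image size too large"); return; }`, closes that gap; the same result follows from checking the pre-rounded size against `partition_size` as well. The `partition_size > UINT_MAX` rejection also deserves a one-line comment, since it turns a legitimately large partition into an error; something like `/* sz and the flash write path are 32-bit; refuse partitions whose byte size cannot be represented */` states why. The enclosing function starts and ends outside this hunk, so whether `ptn` was NULL-checked earlier cannot be confirmed here, though `ptn->name` in the unchanged dprintf suggests it was.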
diff --git a/include/dev/flash.h b/include/dev/flash.h
index 9c41561..f908db8 100644
--- a/include/dev/flash.h
+++ b/include/dev/flash.h
@@ -77,6 +77,8 @@
{
return flash_read_ext(ptn, 0, offset, data, bytes);
}
+
+unsigned flash_num_pages_per_blk(void);
unsigned flash_page_size(void);
unsigned flash_block_size(void);
unsigned flash_spare_size(void);
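Review bot: The new `flash_num_pages_per_blk()` prototype carries no comment stating its unit contract, yet aboot.c multiplies it by `ptn->length` and `flash_page_size()` to obtain a byte count, so the header should pin down that the value is pages per erase block and that `ptentry.length` is counted in the same blocks. The neighbouring accessors are undocumented too, but this one now sizes a security check, so a short Doxygen line such as `/** Pages per erase block of the attached NAND, as used to convert ptentry.length (blocks) to bytes. */` is worth adding above it. Whether the value is valid before the flash driver has been initialised cannot be seen from this diff; if it can be zero then, that is also worth stating, since the caller would then reject every image.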
diff --git a/platform/msm_shared/qpic_nand.c b/platform/msm_shared/qpic_nand.c
index baba30d..3fec647 100644
--- a/platform/msm_shared/qpic_nand.c
+++ b/platform/msm_shared/qpic_nand.c
@@ -1378,6 +1378,12 @@
}
unsigned
+flash_num_pages_per_blk(void)
+{
+ return flash.num_pages_per_blk;
+}
+
+unsigned
flash_spare_size(void)
{
return flash.spare_size;