app: aboot: Add check to prevent integer overflow read while parsing cmd_flash_meta_img
Add check to prevent integer overflow while flashing meta images.
Change-Id: Id31ab04034a5f0ca31f401656d2d0d5703ef51e1
Signed-off-by: Ashish Bhimanpalliwar <abhiman@codeaurora.org>
diff --git a/app/aboot/aboot.c b/app/aboot/aboot.c
index d2b04fd..df5fa21 100644
--- a/app/aboot/aboot.c
+++ b/app/aboot/aboot.c
@@ -3783,7 +3783,7 @@
return;
}
- if( data_end < ((uintptr_t)data + sizeof(meta_header_t)))
+ if((UINT_MAX - sizeof(meta_header_t) < (uintptr_t)data) || (data_end < ((uintptr_t)data + sizeof(meta_header_t))))
{
fastboot_fail("Cannot flash: image header corrupt");
return;
@@ -3811,7 +3811,7 @@
#endif
meta_header = (meta_header_t*) data;
- if( data_end < ((uintptr_t)data + sizeof(meta_header_t) + meta_header->img_hdr_sz))
+ if(((UINT_MAX - sizeof(meta_header_t) - meta_header->img_hdr_sz) < (uintptr_t)data) || data_end < ((uintptr_t)data + sizeof(meta_header_t) + meta_header->img_hdr_sz))
{
fastboot_fail("Cannot flash: image header corrupt");
return;