app:aboot: Validate the contents of Best match DTB entry. Check Best match DTB contents are not resulting in overshoot of DTB contents present in Boot image. Change-Id: I1cc2a9f822da23dac28e3f14da0493c443533a4c CRs-Fixed: 974290

commit: 3c333203301d48018828b5393323131cbe55e29b [log] [tgz]
author: P.V. Phani Kumar <pvphani@codeaurora.org> Wed Mar 09 11:54:37 2016 +0530
committer: Gerrit - the friendly Code Review server <code-review@localhost> Tue Mar 29 08:19:32 2016 -0700
tree: 3a4fc8d7f21cacdfeb94b6958a1ffc6258332041
parent: 8291676d9101ae4044fa68bd599e86a058094bd8 [diff]
diff --git a/app/aboot/aboot.c b/app/aboot/aboot.c
index 26ccd57..7e83bc3 100644
--- a/app/aboot/aboot.c
+++ b/app/aboot/aboot.c

@@ -1317,6 +1317,17 @@
 			return -1;
 		}
 
+		if(dt_entry.offset > (UINT_MAX - dt_entry.size)) {
+			dprintf(CRITICAL, "ERROR: Device tree contents are Invalid\n");
+			return -1;
+		}
+
+		/* Ensure we are not overshooting dt_size with the dt_entry selected */
+		if ((dt_entry.offset + dt_entry.size) > hdr->dt_size) {
+			dprintf(CRITICAL, "ERROR: Device tree contents are Invalid\n");
+			return -1;
+		}
+
 		if (is_gzip_package((unsigned char *)dt_table_offset + dt_entry.offset, dt_entry.size))
 		{
 			unsigned int compressed_size = 0;
commit	3c333203301d48018828b5393323131cbe55e29b	[log] [tgz]
author	P.V. Phani Kumar <pvphani@codeaurora.org>	Wed Mar 09 11:54:37 2016 +0530
committer	Gerrit - the friendly Code Review server <code-review@localhost>	Tue Mar 29 08:19:32 2016 -0700
tree	3a4fc8d7f21cacdfeb94b6958a1ffc6258332041
parent	8291676d9101ae4044fa68bd599e86a058094bd8 [diff]