apps: aboot: Add check to prevent buffer overread in cmd_flash_mmc_img Add check to confirm the size of given image is greater than BOOT_MAGIC_SIZE which unchecked may cause OOB error while flashing boot/recovery images on emmc targets. Change-Id: I6e8c104641262e2d0c443294bb82af360c298972 Signed-off-by: Ashish Bhimanpalliwar <abhiman@codeaurora.org>

commit: 84f7db946b7277596a684c3ed82521be63586de3 [log] [tgz]
author: Ashish Bhimanpalliwar <abhiman@codeaurora.org> Wed Sep 23 11:59:16 2020 +0530
committer: Gerrit - the friendly Code Review server <code-review@localhost> Sun Oct 11 00:15:27 2020 -0700
tree: 3fc02508352b7cb7e4f8b8a61b2e3e481b336344
parent: d57423fd24b586924ea0b98f761d0bd8bd873fd3 [diff]
diff --git a/app/aboot/aboot.c b/app/aboot/aboot.c
index d2b04fd..16795e6 100644
--- a/app/aboot/aboot.c
+++ b/app/aboot/aboot.c

@@ -3734,7 +3734,7 @@
 			if (!strncmp(pname, "boot", strlen("boot"))
 					|| !strcmp(pname, "recovery"))
 			{
-				if (memcmp((void *)data, BOOT_MAGIC, BOOT_MAGIC_SIZE)) {
+				if ((sz < BOOT_MAGIC_SIZE) || memcmp((void *)data, BOOT_MAGIC, BOOT_MAGIC_SIZE)) {
 					fastboot_fail("image is not a boot image");
 					return;
 				}
commit	84f7db946b7277596a684c3ed82521be63586de3	[log] [tgz]
author	Ashish Bhimanpalliwar <abhiman@codeaurora.org>	Wed Sep 23 11:59:16 2020 +0530
committer	Gerrit - the friendly Code Review server <code-review@localhost>	Sun Oct 11 00:15:27 2020 -0700
tree	3fc02508352b7cb7e4f8b8a61b2e3e481b336344
parent	d57423fd24b586924ea0b98f761d0bd8bd873fd3 [diff]