Merge "avb: Remove use of malloc for disable verification"
diff --git a/app/aboot/aboot.c b/app/aboot/aboot.c
index bb8e77d..a16f083 100644
--- a/app/aboot/aboot.c
+++ b/app/aboot/aboot.c
@@ -4577,7 +4577,11 @@
fb_display = fbcon_display();
if (fb_display) {
- if (header->type && (header->blocks != 0)) { // RLE24 compressed data
+ if (header->type && (header->blocks != 0) &&
+ (UINT_MAX >= header->blocks * 512) &&
+ ((header->blocks * 512) <= (fb_display->width *
+ fb_display->height * (fb_display->bpp / 8)))) {
+ /* RLE24 compressed data */
uint8_t *base = (uint8_t *) fb_display->base + LOGO_IMG_OFFSET;
/* if the logo is full-screen size, remove "fbcon_clear()" */
@@ -4674,7 +4678,11 @@
}
if (fb_display) {
- if (header->type && (header->blocks != 0)) { /* 1 RLE24 compressed data */
+ if (header->type && (header->blocks != 0) &&
+ (UINT_MAX >= header->blocks * 512 + LOGO_IMG_HEADER_SIZE) &&
+ ((header->blocks * 512) <= (fb_display->width *
+ fb_display->height * (fb_display->bpp / 8)))) {
+ /* 1 RLE24 compressed data */
base += LOGO_IMG_OFFSET;
realsize = header->blocks * 512;