Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / lk / d14bb4dd336161b17dcc4a3c51b43a5a467754c9^! / . / app / aboot / aboot.c
commitd14bb4dd336161b17dcc4a3c51b43a5a467754c9[log] [tgz]
authorDeepa Dinamani <deepad@codeaurora.org>Fri Jul 12 17:28:29 2013 -0700
committerDeepa Dinamani <deepad@codeaurora.org>Thu Jul 25 14:57:16 2013 -0700
tree03d3f9a13029b42af150b86cbcb371930176b024
parent23b60d464d7ac4d2a740a0fdf957959cd72187d4 [diff] [blame]
app: aboot: Add checks for overlapping aboot addresses with device read buffers.

CRs-Fixed: 491421

Change-Id: Id2ca648ff9272994b24f6743a25c7c31e4e5d075

diff --git a/app/aboot/aboot.c b/app/aboot/aboot.c
index 71d6abe..24eec54 100644
--- a/app/aboot/aboot.c
+++ b/app/aboot/aboot.c

@@ -706,7 +706,7 @@
 		dt_actual = ROUND_TO_PAGE(hdr->dt_size, page_mask);
 		imagesize_actual = (page_size + kernel_actual + ramdisk_actual + dt_actual);
 
-		if (check_aboot_addr_range_overlap(hdr->tags_addr, hdr->dt_size))
+		if (check_aboot_addr_range_overlap(hdr->tags_addr, dt_actual))
 		{
 			dprintf(CRITICAL, "Device tree addresses overlap with aboot addresses.\n");
 			return -1;
@@ -719,6 +719,12 @@
 		dprintf(INFO, "Loading boot image (%d): start\n", imagesize_actual);
 		bs_set_timestamp(BS_KERNEL_LOAD_START);
 
+		if (check_aboot_addr_range_overlap(image_addr, imagesize_actual))
+		{
+			dprintf(CRITICAL, "Boot image buffer address overlaps with aboot addresses.\n");
+			return -1;
+		}
+
 		/* Read image without signature */
 		if (mmc_read(ptn + offset, (void *)image_addr, imagesize_actual))
 		{
@@ -730,6 +736,13 @@
 		bs_set_timestamp(BS_KERNEL_LOAD_DONE);
 
 		offset = imagesize_actual;
+
+		if (check_aboot_addr_range_overlap(image_addr + offset, page_size))
+		{
+			dprintf(CRITICAL, "Signature read buffer address overlaps with aboot addresses.\n");
+			return -1;
+		}
+
 		/* Read signature */
 		if(mmc_read(ptn + offset, (void *)(image_addr + offset), page_size))
 		{