Snap for 6462456 from f9d00686fe3aca6b153c10699e0950944d1a651b to r-keystone-qcom-release Change-Id: I648e65cce679524f2ff90fdb46956c0ae1a9dcf3

commit: b850b3e15004cebe19e54baf64d75c4660443838 [log] [tgz]
author: Android Build Role Account android-build-prod <android-build-team-robot@google.com> Tue May 05 10:09:43 2020 +0000
committer: Android Build Role Account android-build-prod <android-build-team-robot@google.com> Tue May 05 10:09:43 2020 +0000
tree: af338c6fe470f4ecf8d78cb1d28caf2edbb6bb9a
parent: fbcb912cb409a234ae6f8ea9b4041b8f3bce4e0c [diff]
parent: f9d00686fe3aca6b153c10699e0950944d1a651b [diff]
diff --git a/libavb/avb_descriptor.c b/libavb/avb_descriptor.c
index cfc2aac..7030a40 100644
--- a/libavb/avb_descriptor.c
+++ b/libavb/avb_descriptor.c

@@ -88,6 +88,10 @@
   }
 
   for (p = desc_start; p < desc_end;) {
+    if (p + sizeof(AvbDescriptor) > desc_end) {
+      avb_error("Invalid descriptor length.\n");
+      goto out;
+    }
     const AvbDescriptor* dh = (const AvbDescriptor*)p;
     avb_assert_aligned(dh);
     uint64_t nb_following = avb_be64toh(dh->num_bytes_following);
commit	b850b3e15004cebe19e54baf64d75c4660443838	[log] [tgz]
author	Android Build Role Account android-build-prod <android-build-team-robot@google.com>	Tue May 05 10:09:43 2020 +0000
committer	Android Build Role Account android-build-prod <android-build-team-robot@google.com>	Tue May 05 10:09:43 2020 +0000
tree	af338c6fe470f4ecf8d78cb1d28caf2edbb6bb9a
parent	fbcb912cb409a234ae6f8ea9b4041b8f3bce4e0c [diff]
parent	f9d00686fe3aca6b153c10699e0950944d1a651b [diff]