On Tue, Jun 10, 2025 at 09:58:28PM -0500, Bjorn Andersson wrote:
> When the MDT loader is used in remoteproc, the ELF header is sanitized
> beforehand, but that's not necessarily the case for other clients.
>
> Validate the size of the firmware buffer to ensure that we don't read
> past the end as we iterate over the header. e_phentsize and e_shentsize
> are validated as well, to ensure that the assumptions about step size in
> the traversal are valid.
>
> Fixes: 2aad40d911ee ("remoteproc: Move qcom_mdt_loader into drivers/soc/qcom")
> Cc: <[email protected]>
> Reported-by: Doug Anderson <[email protected]>
> Signed-off-by: Bjorn Andersson <[email protected]>
> ---
> drivers/soc/qcom/mdt_loader.c | 43 +++++++++++++++++++++++++++++++++++++++++++

Reviewed-by: Dmitry Baryshkov <[email protected]>

Nit: in theory we don't need to validate section headers since we don't
use them in the loader. However it's better to be safe than sorry.

> 1 file changed, 43 insertions(+)
>
--
With best wishes
Dmitry
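
The bounds validation the commit message describes, sketched as an added userspace example; this is not the patch under review or kernel code. The helper names, the local `ehdr32` struct, the host-byte-order read and the constructed 156-byte sample are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* ELF32 file header (52 bytes), declared locally; fields are read in host byte order. */
struct ehdr32 {
    unsigned char e_ident[16];
    uint16_t e_type, e_machine;
    uint32_t e_version, e_entry, e_phoff, e_shoff, e_flags;
    uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
};
#define PHDR32_SIZE 32u /* size of one ELF32 program header entry */
#define SHDR32_SIZE 40u /* size of one ELF32 section header entry */

/* Hypothetical helper: 1 if the ELF header and both header tables fit in buf[0..len). */
static int elf32_headers_in_bounds(const void *buf, size_t len)
{
    struct ehdr32 eh;

    if (len < sizeof(eh))                 /* the file header itself must be present */
        return 0;
    memcpy(&eh, buf, sizeof(eh));         /* copy out: buf may be unaligned */

    /* The traversal steps by the fixed entry size, so the header must agree with it. */
    if (eh.e_phentsize != PHDR32_SIZE || eh.e_shentsize != SHDR32_SIZE)
        return 0;

    /* 64-bit arithmetic so that offset + count * size cannot wrap around. */
    if ((uint64_t)eh.e_phoff + (uint64_t)eh.e_phnum * PHDR32_SIZE > len)
        return 0;
    if ((uint64_t)eh.e_shoff + (uint64_t)eh.e_shnum * SHDR32_SIZE > len)
        return 0;
    return 1;
}

/* Constructed sample: 2 program headers at offset 52, 1 section header at 116 (156 bytes). */
static int sample_check(size_t claimed_len, uint16_t phentsize)
{
    unsigned char buf[156] = {0};
    struct ehdr32 eh = {0};

    eh.e_phoff = 52;  eh.e_phnum = 2; eh.e_phentsize = phentsize;
    eh.e_shoff = 116; eh.e_shnum = 1; eh.e_shentsize = SHDR32_SIZE;
    memcpy(buf, &eh, sizeof(eh));
    return elf32_headers_in_bounds(buf, claimed_len);
}

int main(void) { return sample_check(156, PHDR32_SIZE) ? 0 : 1; }
```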