On Tue, Jun 10, 2025 at 09:58:28PM -0500, Bjorn Andersson wrote:
> When the MDT loader is used in remoteproc, the ELF header is sanitized
> beforehand, but that's not necessarily the case for other clients.
>
> Validate the size of the firmware buffer to ensure that we don't read
> past the end as we iterate over the header. e_phentsize and e_shentsize
> are validated as well, to ensure that the assumptions about step size in
> the traversal are valid.
>
> Fixes: 2aad40d911ee ("remoteproc: Move qcom_mdt_loader into drivers/soc/qcom")
> Cc: <sta...@vger.kernel.org>
> Reported-by: Doug Anderson <diand...@chromium.org>
> Signed-off-by: Bjorn Andersson <bjorn.anders...@oss.qualcomm.com>
> ---
>  drivers/soc/qcom/mdt_loader.c | 43 +++++++++++++++++++++++++++++++++++++++++++

Reviewed-by: Dmitry Baryshkov <dmitry.barysh...@oss.qualcomm.com>

Nit: in theory we don't need to validate section headers since we don't
use them in the loader. However it's better to be safe than sorry.

>  1 file changed, 43 insertions(+)
>

-- 
With best wishes
Dmitry
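
The checks the commit message describes, as an added userspace C example; it is not the kernel patch, whose hunk is not quoted in this reply. The function names, the use of glibc's <elf.h> types, and accepting a file with e_shnum == 0 without checking e_shentsize are assumptions of this example.

```c
#include <elf.h>      /* Elf32_Ehdr, Elf32_Phdr, Elf32_Shdr (Linux userspace) */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helper: does a table of num entries of entsize bytes at off fit in size? */
static bool table_fits(uint64_t off, uint64_t num, uint64_t entsize, size_t size)
{
	/* ELF32: off is 32-bit, num and entsize are 16-bit, so this cannot wrap in 64 bits. */
	return off + num * entsize <= (uint64_t)size;
}

/* Hypothetical check: reject a buffer whose header tables would be read out of bounds. */
bool elf32_header_valid(const void *data, size_t size)
{
	Elf32_Ehdr ehdr;

	if (size < sizeof(ehdr))           /* too small to hold the ELF header itself */
		return false;
	memcpy(&ehdr, data, sizeof(ehdr)); /* copy out: the buffer may be unaligned */

	/* The traversal steps by sizeof(Elf32_Phdr); any other stride breaks that assumption. */
	if (ehdr.e_phentsize != sizeof(Elf32_Phdr))
		return false;
	if (!table_fits(ehdr.e_phoff, ehdr.e_phnum, sizeof(Elf32_Phdr), size))
		return false;
	/* Assumption of this example: no section table means nothing to validate. */
	if (ehdr.e_shnum == 0)
		return true;
	if (ehdr.e_shentsize != sizeof(Elf32_Shdr))
		return false;
	return table_fits(ehdr.e_shoff, ehdr.e_shnum, sizeof(Elf32_Shdr), size);
}

/* Constructed sample: header plus two program headers; len (<= 116) simulates truncation. */
bool sample_valid(size_t len, uint16_t phentsize)
{
	unsigned char img[sizeof(Elf32_Ehdr) + 2 * sizeof(Elf32_Phdr)] = {0};
	Elf32_Ehdr ehdr = {0};

	ehdr.e_phoff = sizeof(Elf32_Ehdr);
	ehdr.e_phnum = 2;
	ehdr.e_phentsize = phentsize;
	memcpy(img, &ehdr, sizeof(ehdr));
	return elf32_header_valid(img, len);
}
```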