Firmware binaries may lack section headers, in which case
the e_shentsize field in the ELF header can be zero.
Update mdt_header_valid() to correctly handle this scenario
by adjusting the validation logic accordingly.
Fixes: 9f9967fed9d0 ("soc: qcom: mdt_loader: Ensure we don't read past the ELF
header")
Reviewed-by: Dmitry Baryshkov <[email protected]>
Signed-off-by: Mukesh Ojha <[email protected]>
---
Changes in v2:
- Make this patch as first patch of the series.
- Added R-b tag
drivers/soc/qcom/mdt_loader.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/soc/qcom/mdt_loader.c b/drivers/soc/qcom/mdt_loader.c
index 0ca268bdf1f8..2a14ba9b0fb6 100644
--- a/drivers/soc/qcom/mdt_loader.c
+++ b/drivers/soc/qcom/mdt_loader.c
@@ -39,7 +39,7 @@ static bool mdt_header_valid(const struct firmware *fw)
if (phend > fw->size)
return false;
- if (ehdr->e_shentsize != sizeof(struct elf32_shdr))
+ if (ehdr->e_shentsize && ehdr->e_shentsize != sizeof(struct elf32_shdr))
return false;
shend = size_add(size_mul(sizeof(struct elf32_shdr), ehdr->e_shnum),
ehdr->e_shoff);
--
2.50.1
