Re: [linux-sunxi] Re: [PATCH 1/2] sunxi-tools: prevent possible out-of-bounds memory access

Fri, 21 Aug 2015 00:39:12 -0700 

Hi,

On 21-08-15 03:34, Siarhei Siamashka wrote:

On Thu, 20 Aug 2015 14:24:33 +0200
Bernhard Nortmann <bernhard.nortm...@web.de> wrote:


This patch is to prevent the call to aw_fel_write_uboot_image() with
insufficient file size. If a user passes a boot file smaller than 32K,
e.g. on "fel spl sunxi-spl.bin", the expression (size - SPL_LEN_LIMIT)
would end up negative, and causes a numeric underflow when passed to
aw_fel_write_uboot_image() as "size_t len". This might incorrectly let
that function assume a u-boot binary was passed, when actually it
isn't supposed to act on the buffer at all.

Signed-off-by: Bernhard Nortmann <bernhard.nortm...@web.de>


Thanks, looks good. There is just one minor annoyance.


---
  fel.c | 3 ++-
  1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fel.c b/fel.c
index 41b19c9..a5cb99d 100644
--- a/fel.c
+++ b/fel.c
@@ -815,7 +815,8 @@ void aw_fel_process_spl_and_uboot(libusb_device_handle *usb,
        /* write and execute the SPL from the buffer */
        aw_fel_write_and_execute_spl(usb, buf, size);
        /* check for optional main U-Boot binary (and transfer it, if 
applicable) */
-       aw_fel_write_uboot_image(usb, buf + SPL_LEN_LIMIT, size - 
SPL_LEN_LIMIT);
+       if (size > SPL_LEN_LIMIT)


My compiler happens to be anal about this:

fel.c: In function ‘aw_fel_process_spl_and_uboot’:
fel.c:838:11: warning: comparison between signed and unsigned integer
expressions [-Wsign-compare] if (size > SPL_LEN_LIMIT)
            ^

This warning can be suppressed by changing:

-static const int SPL_LEN_LIMIT = 0x8000;
+#define SPL_LEN_LIMIT 0x8000

Also I think that a common naming convention when writing C code
is to reserve uppercase identifiers for macros.



+               aw_fel_write_uboot_image(usb, buf + SPL_LEN_LIMIT, size - 
SPL_LEN_LIMIT);
  }

  static int aw_fel_get_endpoint(libusb_device_handle *usb)


If the compiler warning is removed, then this is
Acked-by: Siarhei Siamashka <siarhei.siamas...@gmail.com>

There is no need to re-send the patch for the "static const int" to
"define" change. I can do this adjustment when pushing it to git in
a day or two (unless anybody has objections).


No objections from me, please push these fixes.

Regards,

Hans

--
You received this message because you are subscribed to the Google Groups 
"linux-sunxi" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to linux-sunxi+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to