cbfs: Check offset range when reading a file

Add a check that the offset is within the allowed range. Signed-off-by: Simon Glass <sjg@chromium.org> Reported-by: Coverity (CID: 331155)
author: Simon Glass <sjg@chromium.org> 2021-05-13 19:39:27 -0600
committer: Tom Rini <trini@konsulko.com> 2021-07-15 18:42:05 -0400
commit: 99eaf1fcaa260dceea25ed25830498abf70f0728 (patch)
tree: 4ef77f8633898c989cd3b25851e6e00cdead0c43 /fs
parent: 15dd815c75d8d88816231e5e52b03835210cc93e (diff)
download: u-boot-99eaf1fcaa260dceea25ed25830498abf70f0728.tar.gz
u-boot-99eaf1fcaa260dceea25ed25830498abf70f0728.tar.bz2
u-boot-99eaf1fcaa260dceea25ed25830498abf70f0728.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/fs/cbfs/cbfs.c b/fs/cbfs/cbfs.c
index 415ea28b87..3e905c74e5 100644
--- a/fs/cbfs/cbfs.c
+++ b/fs/cbfs/cbfs.c
@@ -167,6 +167,8 @@ static int file_cbfs_next_file(struct cbfs_priv *priv, void *start, int size,
 		}
 
 		swap_file_header(&header, file_header);
+		if (header.offset >= size)
+			return log_msg_ret("range", -E2BIG);
 		ret = fill_node(node, start, &header);
 		if (ret) {
 			priv->result = CBFS_BAD_FILE;
author	Simon Glass <sjg@chromium.org>	2021-05-13 19:39:27 -0600
committer	Tom Rini <trini@konsulko.com>	2021-07-15 18:42:05 -0400
commit	99eaf1fcaa260dceea25ed25830498abf70f0728 (patch)
tree	4ef77f8633898c989cd3b25851e6e00cdead0c43 /fs
parent	15dd815c75d8d88816231e5e52b03835210cc93e (diff)
download	u-boot-99eaf1fcaa260dceea25ed25830498abf70f0728.tar.gz u-boot-99eaf1fcaa260dceea25ed25830498abf70f0728.tar.bz2 u-boot-99eaf1fcaa260dceea25ed25830498abf70f0728.zip