From: Mikhail Ilin Date: Tue, 22 Nov 2022 09:34:26 +0000 (+0300) Subject: tools: imximage: Fix check array index X-Git-Tag: v2025.01-rc5-pxa1908~1126^2~64 X-Git-Url: http://git.dujemihanovic.xyz/%22/img/sics.gif/%22/static/git-favicon.png?a=commitdiff_plain;h=507a70b1447ae389c614ac3d04ae853922935898;p=u-boot.git tools: imximage: Fix check array index The struct dcd_v1_t is initialized to MAX_HW_CFG_SIZE_V1 (60) structs 'dcd_type_addr_data_t', so the indexes to use on its elements are [0,59]. But on line 478, the variable 'length' can take on the value 60, which applies to array overflow: cd_v1->addr_data[length].type Thus, it is necessary to tighten the check on the 'size' variable on line 463. Fixes: 0b0c6af38738 ("Prepare v2020.01") Signed-off-by: Mikhail Ilin --- diff --git a/tools/imximage.c b/tools/imximage.c index 5c23fba3b1..354ee34c14 100644 --- a/tools/imximage.c +++ b/tools/imximage.c @@ -460,7 +460,7 @@ static void print_hdr_v1(struct imx_header *imx_hdr) uint32_t size, length, ver; size = dcd_v1->preamble.length; - if (size > (MAX_HW_CFG_SIZE_V1 * sizeof(dcd_type_addr_data_t))) { + if (size >= (MAX_HW_CFG_SIZE_V1 * sizeof(dcd_type_addr_data_t))) { fprintf(stderr, "Error: Image corrupt DCD size %d exceed maximum %d\n", (uint32_t)(size / sizeof(dcd_type_addr_data_t)),