From 3f837b06b76d06189055a0fcdaee4d31c7758d9e Mon Sep 17 00:00:00 2001
From: =?utf8?q?Pali=20Roh=C3=A1r?= <pali@kernel.org>
Date: Sun, 29 Jan 2023 17:44:10 +0100
Subject: [PATCH] tools: default_image: Verify header size
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Before reading image header, verify that image size is at least size of
the image header.

Signed-off-by: Pali Rohár <pali@kernel.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
---
 tools/default_image.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/tools/default_image.c b/tools/default_image.c
index 0ac3382003..ec723f97b7 100644
--- a/tools/default_image.c
+++ b/tools/default_image.c
@@ -50,6 +50,12 @@ static int image_verify_header(unsigned char *ptr, int image_size,
 	struct legacy_img_hdr header;
 	struct legacy_img_hdr *hdr = &header;
 
+	if (image_size < sizeof(struct legacy_img_hdr)) {
+		debug("%s: Bad image size: \"%s\" is no valid image\n",
+		      params->cmdname, params->imagefile);
+		return -FDT_ERR_BADSTRUCTURE;
+	}
+
 	/*
 	 * create copy of header so that we can blank out the
 	 * checksum field for checking - this can't be done
-- 
2.39.5