From c04d68c69458526d30bd542ff2f8f83cc20ccfc5 Mon Sep 17 00:00:00 2001
From: Stephen Warren <swarren@nvidia.com>
Date: Fri, 21 Sep 2012 09:50:58 +0000
Subject: [PATCH] disk: part_efi: range-check partition number

Enhance get_partition_info_efi() to range-check the partition number.
This prevents invalid partitions being accessed, and prevents access
beyond the end of the gpt_pte[] array.

Signed-off-by: Stephen Warren <swarren@nvidia.com>
---
 disk/part_efi.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/disk/part_efi.c b/disk/part_efi.c
index 02927a0d9d..2962fd8f67 100644
--- a/disk/part_efi.c
+++ b/disk/part_efi.c
@@ -173,6 +173,13 @@ int get_partition_info_efi(block_dev_desc_t * dev_desc, int part,
 		return -1;
 	}
 
+	if (part > le32_to_int(gpt_head->num_partition_entries) ||
+	    !is_pte_valid(&gpt_pte[part - 1])) {
+		printf("%s: *** ERROR: Invalid partition number %d ***\n",
+			__func__, part);
+		return -1;
+	}
+
 	/* The ulong casting limits the maximum disk size to 2 TB */
 	info->start = (ulong) le64_to_int(gpt_pte[part - 1].starting_lba);
 	/* The ending LBA is inclusive, to calculate size, add 1 to it */
-- 
2.39.5