From 99eaf1fcaa260dceea25ed25830498abf70f0728 Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Thu, 13 May 2021 19:39:27 -0600 Subject: [PATCH] cbfs: Check offset range when reading a file Add a check that the offset is within the allowed range. Signed-off-by: Simon Glass Reported-by: Coverity (CID: 331155) --- fs/cbfs/cbfs.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/cbfs/cbfs.c b/fs/cbfs/cbfs.c index 415ea28b87..3e905c74e5 100644 --- a/fs/cbfs/cbfs.c +++ b/fs/cbfs/cbfs.c @@ -167,6 +167,8 @@ static int file_cbfs_next_file(struct cbfs_priv *priv, void *start, int size, } swap_file_header(&header, file_header); + if (header.offset >= size) + return log_msg_ret("range", -E2BIG); ret = fill_node(node, start, &header); if (ret) { priv->result = CBFS_BAD_FILE; -- 2.39.5