* guard all mallocs in cbfstool
* fix an issue that could lead to cbfstool writing outside of its allocated
memory
Signed-off-by: Stefan Reinauer <stepan@coresystems.de>
Acked-by: Peter Stuge <peter@stuge.se>
git-svn-id: svn://svn.coreboot.org/coreboot/trunk@4653 2b7e53f0-3cfb-0310-b3e9-8179ed1497e1
diff --git a/util/cbfstool/common.c b/util/cbfstool/common.c
index 9227337..7a9e6f1 100644
--- a/util/cbfstool/common.c
+++ b/util/cbfstool/common.c
@@ -36,10 +36,16 @@
fseek(file, 0, SEEK_END);
*romsize_p = ftell(file);
fseek(file, 0, SEEK_SET);
- if (!content)
+ if (!content) {
content = malloc(*romsize_p);
- else if (place == SEEK_END)
+ if (!content) {
+ printf("Could not get %d bytes for file %s\n",
+ *romsize_p, filename);
+ exit(1);
+ }
+ } else if (place == SEEK_END)
content -= *romsize_p;
+
if (!fread(content, *romsize_p, 1, file)) {
printf("failed to read %s\n", filename);
return NULL;
@@ -255,6 +261,11 @@
*location -= headersize;
}
void *newdata = malloc(*datasize + headersize);
+ if (!newdata) {
+ printf("Could not get %d bytes for CBFS file.\n", *datasize +
+ headersize);
+ exit(1);
+ }
struct cbfs_file *nextfile = (struct cbfs_file *)newdata;
strncpy(nextfile->magic, "LARCHIVE", 8);
nextfile->len = htonl(*datasize);
@@ -272,8 +283,15 @@
{
romsize = _romsize;
unsigned char *romarea = malloc(romsize);
+ if (!romarea) {
+ printf("Could not get %d bytes of memory for CBFS image.\n",
+ romsize);
+ exit(1);
+ }
memset(romarea, 0xff, romsize);
- recalculate_rom_geometry(romarea);
+
+ // Set up physical/virtual mapping
+ offset = romarea + romsize - 0x100000000ULL;
if (align == 0)
align = 64;
@@ -291,6 +309,9 @@
master_header->offset = htonl(0);
((uint32_t *) phys_to_virt(0xfffffffc))[0] =
virt_to_phys(master_header);
+
+ recalculate_rom_geometry(romarea);
+
struct cbfs_file *one_empty_file =
cbfs_create_empty_file((0 - romsize) & 0xffffffff,
romsize - bootblocksize -