diff options
| author | Pali Rohár <pali.rohar@gmail.com> | 2016-01-10 14:33:30 +0100 |
|---|---|---|
| committer | Pali Rohár <pali.rohar@gmail.com> | 2016-01-10 14:33:30 +0100 |
| commit | c258289b7448ad0ddb04dbd4367323ed8bb8ba1a (patch) | |
| tree | 3e5cf02c8fdc70ff9b13cbd6142386bddd6cc6fa /src/image.c | |
| parent | 3c1ab9934d91dfe04ecc29146625ffd3e900a38e (diff) | |
| download | 0xFFFF-c258289b7448ad0ddb04dbd4367323ed8bb8ba1a.tar.bz2 | |
image: Check for return value fo image_read() in image_type_from_data()
Diffstat (limited to 'src/image.c')
| -rw-r--r-- | src/image.c | 33 |
1 files changed, 17 insertions, 16 deletions
diff --git a/src/image.c b/src/image.c index 0daebf3..23d79d8 100644 --- a/src/image.c +++ b/src/image.c @@ -511,40 +511,41 @@ static const char * image_types[] = { enum image_type image_type_from_data(struct image * image) { unsigned char buf[512]; + size_t size; memset(buf, 0, sizeof(buf)); image_seek(image, 0); - image_read(image, buf, sizeof(buf)); + size = image_read(image, buf, sizeof(buf)); - if ( memcmp(buf+52, "2NDAPE", 6) == 0 ) + if ( size >= 58 && memcmp(buf+52, "2NDAPE", 6) == 0 ) return IMAGE_2ND; - else if ( memcmp(buf+20, "2ND", 3) == 0 ) + else if ( size >= 23 && memcmp(buf+20, "2ND", 3) == 0 ) return IMAGE_2ND; - else if ( memcmp(buf+4, "NOLOScnd", 8) == 0 ) + else if ( size >= 8 && memcmp(buf+4, "NOLOScnd", 8) == 0 ) return IMAGE_SECONDARY; - else if ( memcmp(buf+20, "X-LOADER", 8) == 0 ) + else if ( size >= 28 && memcmp(buf+20, "X-LOADER", 8) == 0 ) return IMAGE_XLOADER; - else if ( memcmp(buf+12, "NOLOXldr", 8) == 0 ) + else if ( size >= 20 && memcmp(buf+12, "NOLOXldr", 8) == 0 ) return IMAGE_XLOADER; - else if ( memcmp(buf+4, "NOLOXldr", 8) == 0 ) + else if ( size >= 12 && memcmp(buf+4, "NOLOXldr", 8) == 0 ) return IMAGE_2ND; - else if ( memcmp(buf+36, "\x18\x28\x6f\x01", 4) == 0 ) /* ARM Linux kernel magic number */ + else if ( size >= 40 && memcmp(buf+36, "\x18\x28\x6f\x01", 4) == 0 ) /* ARM Linux kernel magic number */ return IMAGE_KERNEL; - else if ( memcmp(buf+1, "\x00\x00\xea", 3) == 0 ) /* ARM U-Boot - instruction branch */ + else if ( size >= 4 && memcmp(buf+1, "\x00\x00\xea", 3) == 0 ) /* ARM U-Boot - instruction branch */ return IMAGE_KERNEL; - else if ( memcmp(buf, "UBI#", 4) == 0 ) /* UBI EC header */ + else if ( size >= 4 && memcmp(buf, "UBI#", 4) == 0 ) /* UBI EC header */ return IMAGE_ROOTFS; - else if ( memcmp(buf+510, "\x55\xaa", 2) == 0 ) /* FAT boot sector signature */ + else if ( size >= 512 && memcmp(buf+510, "\x55\xaa", 2) == 0 ) /* FAT boot sector signature */ return IMAGE_MMC; - else if ( memcmp(buf, "\xb0\x00\x01\x03\x9d\x00\x00\x00", 8) == 0 ) + else if ( size >= 8 && memcmp(buf, "\xb0\x00\x01\x03\x9d\x00\x00\x00", 8) == 0 ) return IMAGE_CMT_2ND; - else if ( memcmp(buf, "\xb1\x00\x00\x00\x82\x00\x00\x00", 8) == 0 ) + else if ( size >= 8 && memcmp(buf, "\xb1\x00\x00\x00\x82\x00\x00\x00", 8) == 0 ) return IMAGE_CMT_ALGO; - else if ( memcmp(buf, "\xb2\x00\x00\x01\x44\x00\x00\x00", 8) == 0 ) + else if ( size >= 8 && memcmp(buf, "\xb2\x00\x00\x01\x44\x00\x00\x00", 8) == 0 ) return IMAGE_CMT_MCUSW; - else if ( memcmp(buf, "\x45\x3d\xcd\x28", 4) == 0 ) /* CRAMFS MAGIC */ + else if ( size >= 4 && memcmp(buf, "\x45\x3d\xcd\x28", 4) == 0 ) /* CRAMFS MAGIC */ return IMAGE_INITFS; - else if ( memcmp(buf, "\x85\x19", 2) == 0 ) { /* JFFS2 MAGIC */ + else if ( size >= 2 && memcmp(buf, "\x85\x19", 2) == 0 ) { /* JFFS2 MAGIC */ if ( image->size < 0x300000 ) return IMAGE_INITFS; else |