Diffstat (limited to 'QcomModulePkg/Library/BootLib/BootLinux.c')
-rw-r--r--QcomModulePkg/Library/BootLib/BootLinux.c17
1 files changed, 17 insertions, 0 deletions
diff --git a/QcomModulePkg/Library/BootLib/BootLinux.c b/QcomModulePkg/Library/BootLib/BootLinux.c
index 60394e3bc9..3e469c34a5 100644
--- a/QcomModulePkg/Library/BootLib/BootLinux.c
+++ b/QcomModulePkg/Library/BootLib/BootLinux.c
@@ -1309,6 +1309,7 @@ CheckImageHeader (VOID *ImageHdrBuffer,
BOOLEAN BootIntoRecovery)
{
EFI_STATUS Status = EFI_SUCCESS;
+ struct boot_img_hdr_v2 *BootImgHdrV2;
UINT32 KernelSizeActual = 0;
UINT32 DtSizeActual = 0;
UINT32 RamdiskSizeActual = 0;
@@ -1318,6 +1319,7 @@ CheckImageHeader (VOID *ImageHdrBuffer,
UINT32 KernelSize = 0;
UINT32 RamdiskSize = 0;
UINT32 SecondSize = 0;
+ UINT32 DtSize = 0;
UINT32 tempImgSize = 0;
if (CompareMem ((void *)((boot_img_hdr *)(ImageHdrBuffer))->magic, BOOT_MAGIC,
@@ -1358,6 +1360,21 @@ CheckImageHeader (VOID *ImageHdrBuffer,
return EFI_BAD_BUFFER_SIZE;
}
+ if (HeaderVersion == BOOT_HEADER_VERSION_TWO) {
+ BootImgHdrV2 = (struct boot_img_hdr_v2 *)
+ ((UINT64) ImageHdrBuffer +
+ BOOT_IMAGE_HEADER_V1_RECOVERY_DTBO_SIZE_OFFSET +
+ BOOT_IMAGE_HEADER_V2_OFFSET);
+ DtSize = BootImgHdrV2->dtb_size;
+
+ DtSizeActual = ROUND_TO_PAGE (DtSize, *PageSize - 1);
+ if (DtSize &&
+ !DtSizeActual) {
+ DEBUG ((EFI_D_ERROR, "Integer Overflow: dt Size = %u\n", DtSize));
+ return EFI_BAD_BUFFER_SIZE;
+ }
+ }
+
*ImageSizeActual = ADD_OF (*PageSize, KernelSizeActual);
if (!*ImageSizeActual) {
DEBUG ((EFI_D_ERROR, "Integer Overflow: Actual Kernel size = %u\n",
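Review bot: In the `HeaderVersion == BOOT_HEADER_VERSION_TWO` branch, `BootImgHdrV2->dtb_size` is read at `ImageHdrBuffer` plus two fixed offsets with no visible check that the header buffer extends that far; the parameter list and earlier body of CheckImageHeader lie outside the hunk, so the guarantee may exist elsewhere, but it is not stated here. Since the field comes straight from the boot image header, I would either bound the offset plus `sizeof (struct boot_img_hdr_v2)` against the buffer length before the dereference or, if the caller already guarantees it, record that with a comment such as `/* Caller passes a header buffer that covers the v2 fields */`. The commit computes `DtSizeActual` but adds no line that folds it into `*ImageSizeActual`; confirm that the existing code below the hunk does so with `ADD_OF`, as it does for the kernel size. The cast would also be more portable as `(UINTN) ImageHdrBuffer` than `(UINT64) ImageHdrBuffer`, which assumes 64-bit pointers.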