-rw-r--r--rmi4update/firmware_image.cpp6
1 files changed, 6 insertions, 0 deletions
diff --git a/rmi4update/firmware_image.cpp b/rmi4update/firmware_image.cpp
index 8acc2d6..babce56 100644
--- a/rmi4update/firmware_image.cpp
+++ b/rmi4update/firmware_image.cpp
@@ -87,6 +87,12 @@ int FirmwareImage::Initialize(const char * filename)
m_io = m_memBlock[RMI_IMG_IO_OFFSET];
m_bootloaderVersion = m_memBlock[RMI_IMG_BOOTLOADER_VERSION_OFFSET];
m_firmwareSize = extract_long(&m_memBlock[RMI_IMG_IMAGE_SIZE_OFFSET]);
+
+ if ((unsigned long)m_imageSize - RMI_IMG_FW_OFFSET - 1 < m_firmwareSize) {
+ fprintf(stderr, "Supplied firmware image size too large, goes out of image file size bound\n");
+ return UPDATE_FAIL_VERIFY_FIRMWARE_SIZE;
+ }
+
m_configSize = extract_long(&m_memBlock[RMI_IMG_CONFIG_SIZE_OFFSET]);
if (m_io == 1) {
m_firmwareBuildID = extract_long(&m_memBlock[RMI_IMG_FW_BUILD_ID_OFFSET]);
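Review bot: The added bound check can be defeated by unsigned wrap-around: if `m_imageSize` is not larger than `RMI_IMG_FW_OFFSET`, the expression `(unsigned long)m_imageSize - RMI_IMG_FW_OFFSET - 1` wraps to a very large value and the comparison against `m_firmwareSize` never trips. Unless a check outside this hunk already guarantees a minimum file size, guard the subtraction first, e.g. `if ((unsigned long)m_imageSize <= RMI_IMG_FW_OFFSET || (unsigned long)m_imageSize - RMI_IMG_FW_OFFSET - 1 < m_firmwareSize) {`. `m_configSize`, read on the following line from the same file header, gets no equivalent check in this hunk, so firmware plus config may still extend past the end of the file; validating it against the bytes remaining after the firmware area would close that gap. The body of `FirmwareImage::Initialize` starts and ends outside the hunk, so the earlier size checks and the type of `m_imageSize` should be confirmed there.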