From b521867ee2a7ccd749d3c60f93a41c26575fb116 Mon Sep 17 00:00:00 2001 From: Aaron Durbin Date: Tue, 7 May 2013 11:14:01 -0500 Subject: [PATCH] cbfstool: check potential microcode update earlier The update-fit command takes in a parameter for number of slots in the FIT table. It then processes the microcobe blob in cbfs adding those entries to the FIT table. However, the tracking of the number of mircocode updates was incremented before validating the update. Therefore, move the sanity checking before an increment of the number of updates. BUG=chrome-os-partner:19035 BRANCH=none TEST=emerge-fox_wtm2 chromeos-coreboot-fox and inspected microcode FIT entries. Change-Id: Ie8290f53316b251e500b88829fdcf9b5735c1b0e Signed-off-by: Aaron Durbin Reviewed-on: https://gerrit.chromium.org/gerrit/50319 Reviewed-by: Duncan Laurie --- util/cbfstool/fit.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/util/cbfstool/fit.c b/util/cbfstool/fit.c index 12a7e3b49f..02cfaee21d 100644 --- a/util/cbfstool/fit.c +++ b/util/cbfstool/fit.c @@ -206,6 +206,10 @@ static int parse_microcode_blob(struct cbfs_image *image, mcu_header = rom_buffer_pointer(image, current_offset); + /* Quickly sanity check a prospective microcode update. */ + if (mcu_header->total_size < sizeof(*mcu_header)) + break; + /* FIXME: Should the checksum be validated? */ mcus[num_mcus].offset = current_offset; mcus[num_mcus].size = mcu_header->total_size; @@ -215,10 +219,6 @@ static int parse_microcode_blob(struct cbfs_image *image, num_mcus++; file_length -= mcus[num_mcus].size; - /* Can't determine any more entries. */ - if (!mcu_header->total_size) - break; - /* Reached limit of FIT entries. */ if (num_mcus == *total_mcus) break;