Skip to content

Commit 5a53c6c

Browse files
ManishVB-ArmTrustedFirmware Code Review
ManishVB-Arm
authored and
TrustedFirmware Code Review
committed
Merge "feat(fiptool): handle FIP in a disk partition" into integration
2 parents 872d865 + 06e69f7 commit 5a53c6c

File tree

1 file changed

+22
-8
lines changed

1 file changed

+22
-8
lines changed

tools/fiptool/fiptool.c

Lines changed: 22 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -1,9 +1,12 @@
11
/*
2-
* Copyright (c) 2016-2017, ARM Limited and Contributors. All rights reserved.
2+
* Copyright (c) 2016-2023, ARM Limited and Contributors. All rights reserved.
33
*
44
* SPDX-License-Identifier: BSD-3-Clause
55
*/
66

7+
#ifndef _MSC_VER
8+
#include <sys/mount.h>
9+
#endif
710
#include <sys/types.h>
811
#include <sys/stat.h>
912

@@ -298,6 +301,7 @@ static int parse_fip(const char *filename, fip_toc_header_t *toc_header_out)
298301
fip_toc_header_t *toc_header;
299302
fip_toc_entry_t *toc_entry;
300303
int terminated = 0;
304+
size_t st_size;
301305

302306
fp = fopen(filename, "rb");
303307
if (fp == NULL)
@@ -306,13 +310,21 @@ static int parse_fip(const char *filename, fip_toc_header_t *toc_header_out)
306310
if (fstat(fileno(fp), &st) == -1)
307311
log_err("fstat %s", filename);
308312

309-
buf = xmalloc(st.st_size, "failed to load file into memory");
310-
if (fread(buf, 1, st.st_size, fp) != st.st_size)
313+
st_size = st.st_size;
314+
315+
#ifdef BLKGETSIZE64
316+
if ((st.st_mode & S_IFBLK) != 0)
317+
if (ioctl(fileno(fp), BLKGETSIZE64, &st_size) == -1)
318+
log_err("ioctl %s", filename);
319+
#endif
320+
321+
buf = xmalloc(st_size, "failed to load file into memory");
322+
if (fread(buf, 1, st_size, fp) != st_size)
311323
log_errx("Failed to read %s", filename);
312-
bufend = buf + st.st_size;
324+
bufend = buf + st_size;
313325
fclose(fp);
314326

315-
if (st.st_size < sizeof(fip_toc_header_t))
327+
if (st_size < sizeof(fip_toc_header_t))
316328
log_errx("FIP %s is truncated", filename);
317329

318330
toc_header = (fip_toc_header_t *)buf;
@@ -347,9 +359,11 @@ static int parse_fip(const char *filename, fip_toc_header_t *toc_header_out)
347359
"failed to allocate image buffer, is FIP file corrupted?");
348360
/* Overflow checks before memory copy. */
349361
if (toc_entry->size > (uint64_t)-1 - toc_entry->offset_address)
350-
log_errx("FIP %s is corrupted", filename);
351-
if (toc_entry->size + toc_entry->offset_address > st.st_size)
352-
log_errx("FIP %s is corrupted", filename);
362+
log_errx("FIP %s is corrupted: entry size exceeds 64 bit address space",
363+
filename);
364+
if (toc_entry->size + toc_entry->offset_address > st_size)
365+
log_errx("FIP %s is corrupted: entry size exceeds FIP file size",
366+
filename);
353367

354368
memcpy(image->buffer, buf + toc_entry->offset_address,
355369
toc_entry->size);

0 commit comments

Comments
 (0)