proxmox-mirrors/fwupd
1
0
Fork 0
mirror of https://git.proxmox.com/git/fwupd synced 2025-07-27 22:23:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

trivial: Add more fuzzing alignment checks

Browse Source 
In reality these are not super interesting as they only happen on
`->write()` and not `->parse()`.

In other news, the fuzzer now appreciates how critical the alignment
is, which is probably a good thing generally.

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40088
This commit is contained in:
Richard Hughes 2021-10-18 19:19:47 +01:00
parent a5ef3629d4
commit 27e40c3025
3 changed files with 30 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
libfwupdplugin/fu-efi-firmware-volume.c
View File

@ -301,6 +301,16 @@ fu_efi_firmware_volume_write(FuFirmware *firmware, GError **error)
g_autoptr(GBytes) img_blob = NULL; g_autoptr(GBytes) img_blob = NULL;
g_autoptr(FuFirmware) img = NULL; g_autoptr(FuFirmware) img = NULL;
/* sanity check */
if (fu_firmware_get_alignment(firmware) > FU_FIRMWARE_ALIGNMENT_1M) {
g_set_error(error,
FWUPD_ERROR,
FWUPD_ERROR_INVALID_FILE,
"alignment invalid, got 0x%02x",
fu_firmware_get_alignment(firmware));
return NULL;
}
/* zero vector */ /* zero vector */
for (guint i = 0; i < 0x10; i++) for (guint i = 0; i < 0x10; i++)
fu_byte_array_append_uint8(buf, 0x0); fu_byte_array_append_uint8(buf, 0x0);

10
libfwupdplugin/fu-ifd-image.c
View File

@ -75,6 +75,16 @@ fu_ifd_image_write(FuFirmware *firmware, GError **error)
g_autoptr(GByteArray) buf = g_byte_array_new(); g_autoptr(GByteArray) buf = g_byte_array_new();
g_autoptr(GPtrArray) images = fu_firmware_get_images(firmware); g_autoptr(GPtrArray) images = fu_firmware_get_images(firmware);
/* sanity check */
if (fu_firmware_get_alignment(firmware) > FU_FIRMWARE_ALIGNMENT_1M) {
g_set_error(error,
FWUPD_ERROR,
FWUPD_ERROR_INVALID_FILE,
"alignment invalid, got 0x%02x",
fu_firmware_get_alignment(firmware));
return NULL;
}
/* add each volume */ /* add each volume */
if (images->len > 0) { if (images->len > 0) {
for (guint i = 0; i < images->len; i++) { for (guint i = 0; i < images->len; i++) {

10
plugins/bcm57xx/fu-bcm57xx-stage1-image.c
View File

@ -102,6 +102,16 @@ fu_bcm57xx_stage1_image_write(FuFirmware *firmware, GError **error)
g_autoptr(GByteArray) buf = g_byte_array_new(); g_autoptr(GByteArray) buf = g_byte_array_new();
g_autoptr(GBytes) fw_nocrc = NULL; g_autoptr(GBytes) fw_nocrc = NULL;
/* sanity check */
if (fu_firmware_get_alignment(firmware) > FU_FIRMWARE_ALIGNMENT_1M) {
g_set_error(error,
FWUPD_ERROR,
FWUPD_ERROR_INVALID_FILE,
"alignment invalid, got 0x%02x",
fu_firmware_get_alignment(firmware));
return NULL;
}
/* the CRC-less payload */ /* the CRC-less payload */
fw_nocrc = fu_firmware_get_bytes(firmware, error); fw_nocrc = fu_firmware_get_bytes(firmware, error);
if (fw_nocrc == NULL) if (fw_nocrc == NULL)