39 lines
1.3 KiB
Diff
39 lines
1.3 KiB
Diff
From 6077051e173770cf357703a3d776ceac2c53d963 Mon Sep 17 00:00:00 2001
|
|
From: Richard Hughes <richard@hughsie.com>
|
|
Date: Mon, 8 Feb 2021 18:10:38 +0000
|
|
Subject: [PATCH 10/11] ihex: Fix a buffer-overread spotted by AddressSanitizer
|
|
|
|
---
|
|
libfwupdplugin/fu-ihex-firmware.c | 8 +++-----
|
|
1 file changed, 3 insertions(+), 5 deletions(-)
|
|
|
|
diff --git libfwupdplugin/fu-ihex-firmware.c libfwupdplugin/fu-ihex-firmware.c
|
|
index 8d4fc6a6..5df8a948 100644
|
|
--- libfwupdplugin/fu-ihex-firmware.c
|
|
+++ libfwupdplugin/fu-ihex-firmware.c
|
|
@@ -90,11 +90,6 @@ fu_ihex_firmware_record_new (guint ln, const gchar *line,
|
|
rcd->ln = ln;
|
|
rcd->data = g_byte_array_new ();
|
|
rcd->buf = g_string_new (line);
|
|
- rcd->byte_cnt = fu_firmware_strparse_uint8 (line + 1);
|
|
- rcd->addr = fu_firmware_strparse_uint16 (line + 3);
|
|
- rcd->record_type = fu_firmware_strparse_uint8 (line + 7);
|
|
-
|
|
- /* check there's enough data for the smallest possible record */
|
|
if (rcd->buf->len < 11) {
|
|
g_set_error (error,
|
|
FWUPD_ERROR,
|
|
@@ -103,6 +98,9 @@ fu_ihex_firmware_record_new (guint ln, const gchar *line,
|
|
(guint) rcd->buf->len);
|
|
return NULL;
|
|
}
|
|
+ rcd->byte_cnt = fu_firmware_strparse_uint8 (line + 1);
|
|
+ rcd->addr = fu_firmware_strparse_uint16 (line + 3);
|
|
+ rcd->record_type = fu_firmware_strparse_uint8 (line + 7);
|
|
|
|
/* position of checksum */
|
|
line_end = 9 + rcd->byte_cnt * 2;
|
|
--
|
|
2.29.2
|
|
|