tools: imximage: Fix check array index

The struct dcd_v1_t is initialized to MAX_HW_CFG_SIZE_V1 (60) structs 'dcd_type_addr_data_t', so the indexes to use on its elements are [0,59]. But on line 478, the variable 'length' can take on the value 60, which applies to array overflow: cd_v1->addr_data[length].type Thus, it is necessary to tighten the check on the 'size' variable on line 463. Fixes: 0b0c6af38738 ("Prepare v2020.01") Signed-off-by: Mikhail Ilin <ilin.mikhail.ol@gmail.com>
author: Mikhail Ilin <ilin.mikhail.ol@gmail.com> 2022-11-22 12:34:26 +0300
committer: Stefano Babic <sbabic@denx.de> 2023-01-31 01:23:01 +0300
commit: 507a70b1447ae389c614ac3d04ae853922935898 (patch)
tree: 6f3a4827b7d6661cac2fd077ac74cce5600bd907 /tools
parent: baa7550c14156f9dda65e0c3267f35a0dfc3cf10 (diff)
download: u-boot-507a70b1447ae389c614ac3d04ae853922935898.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/tools/imximage.c b/tools/imximage.c
index 5c23fba3b1..354ee34c14 100644
--- a/tools/imximage.c
+++ b/tools/imximage.c
@@ -460,7 +460,7 @@ static void print_hdr_v1(struct imx_header *imx_hdr)
 	uint32_t size, length, ver;
 
 	size = dcd_v1->preamble.length;
-	if (size > (MAX_HW_CFG_SIZE_V1 * sizeof(dcd_type_addr_data_t))) {
+	if (size >= (MAX_HW_CFG_SIZE_V1 * sizeof(dcd_type_addr_data_t))) {
 		fprintf(stderr,
 			"Error: Image corrupt DCD size %d exceed maximum %d\n",
 			(uint32_t)(size / sizeof(dcd_type_addr_data_t)),
author	Mikhail Ilin <ilin.mikhail.ol@gmail.com>	2022-11-22 12:34:26 +0300
committer	Stefano Babic <sbabic@denx.de>	2023-01-31 01:23:01 +0300
commit	507a70b1447ae389c614ac3d04ae853922935898 (patch)
tree	6f3a4827b7d6661cac2fd077ac74cce5600bd907 /tools
parent	baa7550c14156f9dda65e0c3267f35a0dfc3cf10 (diff)
download	u-boot-507a70b1447ae389c614ac3d04ae853922935898.tar.xz