diff options
author | Gabe Black <gabeblack@chromium.org> | 2011-12-19 22:11:22 -0800 |
---|---|---|
committer | Gabe Black <gabeblack@chromium.org> | 2011-12-20 16:05:52 -0800 |
commit | 878709122447c3ab4ac97397d32bcf080d15ca38 (patch) | |
tree | 70691b3abf49a866613d2aff0c20c72387ec884e | |
parent | 66138ad0bfb2442404287966521166b6dd01bc16 (diff) |
Security: Fix a security bug in the border_check function.
Because the offset and count parameters for the border_check function are
unsigned, their total could overflow a uint32_t and end up wrapping to look
smaller than the size of the flash even though it's mathematically larger.
This change adds a check for that overflow.
BUG=chromium-os:24222
TEST=Built and booted on a Lumpy.
Change-Id: Ibe0708d8ad7869d71425bef7793f839bc96ac92d
Signed-off-by: Gabe Black <gabeblack@google.com>
Reviewed-on: https://gerrit.chromium.org/gerrit/13219
Reviewed-by: Che-Liang Chiou <clchiou@chromium.org>
Reviewed-by: Stefan Reinauer <reinauer@chromium.org>
Tested-by: Gabe Black <gabeblack@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/13260
Reviewed-by: Simon Glass <sjg@chromium.org>
0 files changed, 0 insertions, 0 deletions