From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-17.3 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_SANE_2 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 09061C2B9F7 for ; Wed, 26 May 2021 07:12:45 +0000 (UTC) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 440A7613AB for ; Wed, 26 May 2021 07:12:42 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 440A7613AB Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=denx.de Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id EF93182B2A; Wed, 26 May 2021 09:12:40 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=denx.de Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=denx.de; s=phobos-20191101; t=1622013161; bh=30SAMsa8EjNzRF/5b8jiABBV777lXbU0AhRftJjXrq8=; h=Date:From:To:Cc:Subject:In-Reply-To:References:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: From; b=IKCoGLtU84dZ/wFWqIGAnSV7KP39oefVIt9FJ57d0QXuOuusEH+t8ULTvcT06rEEX kX8pWPw+ejpeTG7wPmm1sZTyzy2UBAom1WzY8xRoaw67D5ffhpe7QOQP0qpNr2ZTsy 49bPAnlVBoGQQhsPjk0TEc1RDnnmm456cqwO1M3zDCga6+YGPPB6+JbEBUhU1x7L2x dSoCx5UCn5YzMNYdWyGMPTtaS07euMgHWOExnQ5fhH1zDq4VXhHi04yr/eCBOokSAr 0p958DiE7D3I86JbGA/9FzTJhP54kyyiISDubH/YLYzHIMJxz8BQ9vzLULnNFjKU/h PBw5rL8O97zZA== Received: from ktm (85-222-111-42.dynamic.chello.pl [85.222.111.42]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: lukma@denx.de) by phobos.denx.de (Postfix) with ESMTPSA id 04C6881D48; Wed, 26 May 2021 09:12:38 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=denx.de; s=phobos-20191101; t=1622013159; bh=30SAMsa8EjNzRF/5b8jiABBV777lXbU0AhRftJjXrq8=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=KWqson1m+auSe6wuPrmz240XxT5WaSiJ2iHcovgCMhhHg3si0KAQl22qJb+9pL4sm NkkyaP9z9prIMKjGcNsHmVudAIFd/UTy1dHrYKOubEA5Mgdt9YQUBUudt8GMgvnT8C uXc5q9lEI0sPZGOrIKAMcvvDvgn6lKsYyyXMwCrQBvLu/2EJDhAXhCA6wYXhqIZn0L wxf1JTgCH9r5qU63cOwi0TkVZz0+9I4CVGRkfU2PzYx/VWJh1DjJa1Q6dHY4cODkuD P6vyqcPym1tjgMa7QVxV/tWlrys6ctEoMa7e7QbHGugXZi5ZnBoAHixC1iy6u7HbCi 68emxfu/xEtfQ== Date: Wed, 26 May 2021 09:12:30 +0200 From: Lukasz Majewski To: Sean Anderson Cc: u-boot@lists.denx.de, Gary Bisson , Patrick Delaunay , Roman Kovalivskyi , Heiko Schocher , Simon Glass , Tom Rini Subject: Re: [PATCH] fastboot: Fix overflow when calculating chunk size Message-ID: <20210526091230.0a51acc2@ktm> In-Reply-To: <3564f958-a796-f081-4a81-c9f2308eb387@seco.com> References: <20210416215821.3575989-1-sean.anderson@seco.com> <9ed66f72-4d00-640b-0263-3b90bea9d583@seco.com> <3564f958-a796-f081-4a81-c9f2308eb387@seco.com> Organization: denx.de X-Mailer: Claws Mail 3.17.8 (GTK+ 2.24.32; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; boundary="Sig_/I31Nmr.xTaA4SRtSGI0k0dn"; protocol="application/pgp-signature" X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.4 at phobos.denx.de X-Virus-Status: Clean --Sig_/I31Nmr.xTaA4SRtSGI0k0dn Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hi Sean, > On 5/13/21 11:54 AM, Sean Anderson wrote: > > Hi Lukasz, > >=20 > > Can this make it into 2020.07? Thanks, =20 >=20 > ping? Should Tom pick this up instead? >=20 Yes, Tom please pick it up - as I will not prepare PR sooner than June. > --Sean >=20 > >=20 > > --Sean > >=20 > > On 4/16/21 5:58 PM, Sean Anderson wrote: =20 > >> If a chunk was larger than 4GiB, then chunk_data_sz would overflow > >> and blkcnt would not be calculated correctly. Upgrade it to a u64 > >> and cast its multiplicands as well. Also fix bytes_written while > >> we're at it. > >> > >> Signed-off-by: Sean Anderson > >> --- > >> > >> =C2=A0 lib/image-sparse.c | 12 ++++++------ > >> =C2=A0 1 file changed, 6 insertions(+), 6 deletions(-) > >> > >> diff --git a/lib/image-sparse.c b/lib/image-sparse.c > >> index 187ac28cd3..52c8dcc08c 100644 > >> --- a/lib/image-sparse.c > >> +++ b/lib/image-sparse.c > >> @@ -55,10 +55,10 @@ int write_sparse_image(struct sparse_storage > >> *info, lbaint_t blk; > >> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 lbaint_t blkcnt; > >> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 lbaint_t blks; > >> -=C2=A0=C2=A0=C2=A0 uint32_t bytes_written =3D 0; > >> +=C2=A0=C2=A0=C2=A0 uint64_t bytes_written =3D 0; > >> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 unsigned int chunk; > >> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 unsigned int offset; > >> -=C2=A0=C2=A0=C2=A0 unsigned int chunk_data_sz; > >> +=C2=A0=C2=A0=C2=A0 uint64_t chunk_data_sz; > >> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 uint32_t *fill_buf =3D NULL; > >> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 uint32_t fill_val; > >> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 sparse_header_t *sparse_header; > >> @@ -132,7 +132,7 @@ int write_sparse_image(struct sparse_storage > >> *info, sizeof(chunk_header_t)); > >> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 } > >> -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 chunk_data_sz =3D sparse_h= eader->blk_sz * > >> chunk_header->chunk_sz; > >> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 chunk_data_sz =3D ((u64)sp= arse_header->blk_sz) * > >> chunk_header->chunk_sz; blkcnt =3D chunk_data_sz / info->blksz; > >> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 switch (chunk_h= eader->chunk_type) { > >> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 case CHUNK_TYPE= _RAW: > >> @@ -162,7 +162,7 @@ int write_sparse_image(struct sparse_storage > >> *info, return -1; > >> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0 } > >> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0 blk +=3D blks; > >> -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 by= tes_written +=3D blkcnt * info->blksz; > >> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 by= tes_written +=3D ((u64)blkcnt) * info->blksz; > >> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0 total_blocks +=3D chunk_header->chunk_sz; > >> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0 data +=3D chunk_data_sz; > >> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0 break; > >> @@ -222,7 +222,7 @@ int write_sparse_image(struct sparse_storage > >> *info, blk +=3D blks; > >> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 i +=3D j; > >> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0 } > >> -=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 by= tes_written +=3D blkcnt * info->blksz; > >> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 by= tes_written +=3D ((u64)blkcnt) * info->blksz; > >> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0 total_blocks +=3D chunk_data_sz / > >> sparse_header->blk_sz; free(fill_buf); > >> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0 break; > >> @@ -253,7 +253,7 @@ int write_sparse_image(struct sparse_storage > >> *info, debug("Wrote %d blocks, expected to write %d blocks\n", > >> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 tot= al_blocks, sparse_header->total_blks); > >> -=C2=A0=C2=A0=C2=A0 printf("........ wrote %u bytes to '%s'\n", bytes_= written, > >> part_name); > >> +=C2=A0=C2=A0=C2=A0 printf("........ wrote %llu bytes to '%s'\n", byte= s_written, > >> part_name); if (total_blocks !=3D sparse_header->total_blks) { > >> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 info->mssg("spa= rse image write failure", response); > >> =20 Best regards, Lukasz Majewski -- DENX Software Engineering GmbH, Managing Director: Wolfgang Denk HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-59 Fax: (+49)-8142-66989-80 Email: lukma@denx.de --Sig_/I31Nmr.xTaA4SRtSGI0k0dn Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEgAyFJ+N6uu6+XupJAR8vZIA0zr0FAmCt9N4ACgkQAR8vZIA0 zr3Kugf/YYmowIBNoV4JFtvIezSyXLGzZ33/ngFZ0IYR4sNAcXsuBj3nE7HQnifB 3N9xREDucGYlz8muvlXHLCPzG7150dDvTPbk1nym8z3znXf/m28yP4+ZSCrQOptU RDyS0B+x4uq97kDy8PECytIPCCRMRfBUYQhj85j985ZfFB61cNrGYvUcgmxXzJLG u9n/POUQicE6K3oGehU5vgLvGrZYLyVnfHrTzVX/qFPTjFyd6KK5fVyXsCAmV74D U3iilSpEFpqnDqaTz+EWXLEZ70dYuoKXNjGEf+GXMTW9O4eKaz60dcDocPBSVUHF xTiVKKV8IQBrn/ImPOQnrXQUiMrnUQ== =Px4c -----END PGP SIGNATURE----- --Sig_/I31Nmr.xTaA4SRtSGI0k0dn--