[PATCH] boot: android: handle boot images with missing DTB

[PATCH] boot: android: handle boot images with missing DTB

[Sam Day]

607b07554e2 removed the check on the return status of the
android_image_get_dtb_img_addr call from android_image_get_dtb_by_index,
which results in null pointer accesses shortly after when trying to
check the header of a nonexistent DTB.

Fixes: 607b07554e2 ("android: boot: move to andr_image_data structure")
Signed-off-by: Sam Day <me@samcday.com>
---
 boot/image-android.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/boot/image-android.c b/boot/image-android.c
index 60a422dfb74a6c683b3cf9d2b19b3ad1dbd0d151..4fdf56dd1bd4ee26cd4d030532f75d8f48c0b8ee 100644
--- a/boot/image-android.c
+++ b/boot/image-android.c
@@ -696,7 +696,10 @@ bool android_image_get_dtb_by_index(ulong hdr_addr, ulong vendor_boot_img,
 	ulong dtb_addr;		/* address of DTB blob with specified index  */
 	u32 i;			/* index iterator */
 
-	android_image_get_dtb_img_addr(hdr_addr, vendor_boot_img, &dtb_img_addr);
+	if (!android_image_get_dtb_img_addr(hdr_addr, vendor_boot_img,
+					    &dtb_img_addr))
+		return false;
+
 	/* Check if DTB area of boot image is in DTBO format */
 	if (android_dt_check_header(dtb_img_addr)) {
 		return android_dt_get_fdt_by_index(dtb_img_addr, index, addr,

---
base-commit: a3b71cc6f5cc74d4edc5808790a3d2999ea3f7fe
change-id: 20250123-android-handle-no-dtb-ac3e49f7bec6

Best regards,
-- 
Sam Day <me@samcday.com>

Re: [PATCH] boot: android: handle boot images with missing DTB

[Mattijs Korpershoek]

Hi Sam,

Thank you for the patch.

On jeu., janv. 23, 2025 at 14:35, Sam Day <me@samcday.com> wrote:

> 607b07554e2 removed the check on the return status of the
> android_image_get_dtb_img_addr call from android_image_get_dtb_by_index,
> which results in null pointer accesses shortly after when trying to
> check the header of a nonexistent DTB.
>
> Fixes: 607b07554e2 ("android: boot: move to andr_image_data structure")
> Signed-off-by: Sam Day <me@samcday.com>

Reviewed-by: Mattijs Korpershoek <mkorpershoek@baylibre.com>

> ---
>  boot/image-android.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/boot/image-android.c b/boot/image-android.c
> index 60a422dfb74a6c683b3cf9d2b19b3ad1dbd0d151..4fdf56dd1bd4ee26cd4d030532f75d8f48c0b8ee 100644
> --- a/boot/image-android.c
> +++ b/boot/image-android.c
> @@ -696,7 +696,10 @@ bool android_image_get_dtb_by_index(ulong hdr_addr, ulong vendor_boot_img,
>  	ulong dtb_addr;		/* address of DTB blob with specified index  */
>  	u32 i;			/* index iterator */
>  
> -	android_image_get_dtb_img_addr(hdr_addr, vendor_boot_img, &dtb_img_addr);
> +	if (!android_image_get_dtb_img_addr(hdr_addr, vendor_boot_img,
> +					    &dtb_img_addr))
> +		return false;
> +
>  	/* Check if DTB area of boot image is in DTBO format */
>  	if (android_dt_check_header(dtb_img_addr)) {
>  		return android_dt_get_fdt_by_index(dtb_img_addr, index, addr,
>
> ---
> base-commit: a3b71cc6f5cc74d4edc5808790a3d2999ea3f7fe
> change-id: 20250123-android-handle-no-dtb-ac3e49f7bec6
>
> Best regards,
> -- 
> Sam Day <me@samcday.com>

Re: [PATCH] boot: android: handle boot images with missing DTB

[Mattijs Korpershoek]

Hi,

On Thu, 23 Jan 2025 14:35:01 +0000, Sam Day wrote:
> 607b07554e2 removed the check on the return status of the
> android_image_get_dtb_img_addr call from android_image_get_dtb_by_index,
> which results in null pointer accesses shortly after when trying to
> check the header of a nonexistent DTB.
> 
> 

Thanks, Applied to https://source.denx.de/u-boot/custodians/u-boot-dfu (u-boot-dfu)

[1/1] boot: android: handle boot images with missing DTB
      https://source.denx.de/u-boot/custodians/u-boot-dfu/-/commit/aa817a2f1fb66067fc3c6dc7d9d1a84bbaa99df9

--
Mattijs