TheArchive/Magisk
1
0
Fork 0
mirror of https://github.com/topjohnwu/Magisk.git synced 2025-12-01 15:04:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Enhance fdt_header validation for empty dtb

Browse Source
This commit is contained in:
Wang Han
2025-11-02 15:21:26 +08:00
committed by John Wu
parent f741a4aeb8
commit c8d51b38ba
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
native/src/boot/bootimg.cpp
View File

@@ -279,9 +279,10 @@ static int find_dtb_offset(const uint8_t *buf, unsigned sz) {
auto fdt_hdr = reinterpret_cast<const fdt_header *>(curr);
// Check that fdt_header.totalsize does not overflow kernel image size
// Check that fdt_header.totalsize does not overflow kernel image size or is empty dtb
// https://github.com/torvalds/linux/commit/7b937cc243e5b1df8780a0aa743ce800df6c68d1
uint32_t totalsize = fdt_hdr->totalsize;
if (totalsize > end - curr)
if (totalsize > end - curr || totalsize <= 0x48)
continue;
// Check that fdt_header.off_dt_struct does not overflow kernel image size