soc: qcom: mdt_loader: Ensure we don't read past the ELF header

When the MDT loader is used in remoteproc, the ELF header is sanitized beforehand, but that's not necessarily the case for other clients.

Validate the size of the firmware buffer to ensure that we don't read past the end as we iterate over the header. e_phentsize and e_shentsize are validated as well, to ensure that the assumptions about step size in the traversal are valid.

Fixes: 2aad40d9 ("remoteproc: Move qcom_mdt_loader into drivers/soc/qcom")
Cc: stable@vger.kernel.org
Reported-by: Doug Anderson <dianders@chromium.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@oss.qualcomm.com>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com>
Link: https://lore.kernel.org/r/20250610-mdt-loader-validation-and-fixes-v2-1-f7073e9ab899@oss.qualcomm.com
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
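
The checks the commit message describes (buffer large enough for the ELF header, e_phentsize and e_shentsize equal to the step size the traversal uses, both tables ending inside the buffer), written out as an added userspace example; this is not the kernel patch or any code from the project. It assumes ELF32 only, and struct ehdr32, PHDR32_SIZE, SHDR32_SIZE, table_in_bounds(), hdr_in_bounds() and make_image() are hypothetical names introduced here.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Minimal ELF32 file header, field order per the ELF specification. */
struct ehdr32 {
    uint8_t  e_ident[16];
    uint16_t e_type, e_machine;
    uint32_t e_version, e_entry, e_phoff, e_shoff, e_flags;
    uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
};
enum { PHDR32_SIZE = 32, SHDR32_SIZE = 40 };  /* ELF32 table entry sizes */

/* True only if entries are `want` bytes each (the traversal's step size) and
 * the table ends within len; 64-bit math so off + num * want cannot wrap. */
static bool table_in_bounds(uint32_t off, uint16_t num, uint16_t entsize,
                            size_t want, size_t len)
{
    return entsize == want && (uint64_t)off + (uint64_t)num * want <= len;
}

/* Hypothetical helper: header and both tables must lie inside buf[0..len). */
static bool hdr_in_bounds(const void *buf, size_t len)
{
    struct ehdr32 eh;
    if (len < sizeof(eh))           /* too short to hold the header itself */
        return false;
    memcpy(&eh, buf, sizeof(eh));   /* copy out: buf may be unaligned */
    return table_in_bounds(eh.e_phoff, eh.e_phnum, eh.e_phentsize, PHDR32_SIZE, len) &&
           table_in_bounds(eh.e_shoff, eh.e_shnum, eh.e_shentsize, SHDR32_SIZE, len);
}

/* Constructed sample image: header plus phnum program headers, no sections. */
static size_t make_image(uint8_t *out, uint16_t phnum, uint16_t phentsize)
{
    struct ehdr32 eh = { .e_phoff = sizeof(eh), .e_phnum = phnum,
                         .e_phentsize = phentsize, .e_shentsize = SHDR32_SIZE };
    memcpy(out, &eh, sizeof(eh));
    return sizeof(eh) + (size_t)phnum * PHDR32_SIZE;
}

int main(void)
{
    uint8_t img[256] = {0};
    size_t len = make_image(img, 3, PHDR32_SIZE);
    /* exit 0 when the full image passes and a one-byte-short copy fails */
    return hdr_in_bounds(img, len) && !hdr_in_bounds(img, len - 1) ? 0 : 1;
}
```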