From c32133b81557a1665b877756aee4bce836c98e32 Mon Sep 17 00:00:00 2001
From: Yann Sionneau
Date: Wed, 27 May 2015 12:55:52 +0200
Subject: [PATCH] flash_storage: avoid crash if a record size gets corrupted to be less than 6
---
 soc/runtime/flash_storage.c | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/soc/runtime/flash_storage.c b/soc/runtime/flash_storage.c
index a8e01436a..40f062884 100644
--- a/soc/runtime/flash_storage.c
+++ b/soc/runtime/flash_storage.c
@@ -61,6 +61,13 @@ static int record_iter_next(struct iter_state *is, struct record *record, int *f
 if(record->size == END_MARKER)
 return 0;
 
+ if(record->size < 6) {
+ printf("flash_storage might be corrupted: record size is %u (<6) at address %08x\n", record->size, record->raw_record);
+ if(fatal)
+ *fatal = 1;
+ return 0;
+ }
+
 if(is->seek > is->buf_len - sizeof(record->size) - 2) { /* 2 is the minimum key length */
 printf("flash_storage might be corrupted: END_MARKER missing at the end of the storage sector\n");
 if(fatal)
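Review bot: The new guard in record_iter_next hard-codes `6` and logs `record->raw_record` with `%08x`. The constant looks like `sizeof(record->size) + 2`, the same quantity the following check spells out (with 2 as the minimum key length), so `if(record->size < sizeof(record->size) + 2) {` would keep the two checks in step. If `raw_record` is a pointer, `%08x` does not match its argument and `%p` with a `(void *)` cast is the portable form; its assignment is not visible in this hunk, so confirm it already refers to the current record when the message is printed. The guard bounds the size only from below: whether a corrupted size larger than `is->buf_len - is->seek` is rejected depends on code outside the hunk, since the function body starts and ends beyond it.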