app: aboot: fix incorrect check for integer overflow

When we encounter a large DONTCARE chunk, the integer overflow check that was implemented in commit 14cff317 will report a false failure. For example, the following chunk header was observed: [58840] === Chunk Header === [58840] chunk_type: 0xcac3 [58850] chunk_data_sz: 0x198ffe [58850] total_size: 0xc which is valid, but reported as: "Bogus size sparse and chunk header" The check for the 32-bit overflow when computing the actual chunk size should be done only for RAW chunk, instead. Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org> (cherry picked from commit 2740fc8aeb78bb2e012f63f6d500f3133139c504)
robclark · Dec 8, 2016 · aef7b3e · aef7b3e
1 parent 55bf8ef
commit aef7b3e
Showing 1 changed file with 16 additions and 16 deletions.
diff --git a/app/aboot/aboot.c b/app/aboot/aboot.c
@@ -2719,25 +2719,25 @@ void cmd_flash_mmc_sparse_img(const char *arg, void *data, unsigned sz)
 
 		chunk_data_sz = sparse_header->blk_sz * chunk_header->chunk_sz;
 
-		/* Make sure multiplication does not overflow uint32 size */
-		if (sparse_header->blk_sz && (chunk_header->chunk_sz != chunk_data_sz / sparse_header->blk_sz))
-		{
-			fastboot_fail("Bogus size sparse and chunk header");
-			return;
-		}
-
-		/* Make sure that the chunk size calculated from sparse image does not
-		 * exceed partition size
-		 */
-		if ((uint64_t)total_blocks * (uint64_t)sparse_header->blk_sz + chunk_data_sz > size)
-		{
-			fastboot_fail("Chunk data size exceeds partition size");
-			return;
-		}
-
 		switch (chunk_header->chunk_type)
 		{
 			case CHUNK_TYPE_RAW:
+			/* Make sure multiplication does not overflow uint32 size */
+			if (sparse_header->blk_sz && (chunk_header->chunk_sz != chunk_data_sz / sparse_header->blk_sz))
+			{
+			  fastboot_fail("Bogus size sparse and chunk header");
+			  return;
+			}
+
+			/* Make sure that the chunk size calculated from sparse image does not
+			 * exceed partition size
+			 */
+			if ((uint64_t)total_blocks * (uint64_t)sparse_header->blk_sz + chunk_data_sz > size)
+			{
+			  fastboot_fail("Chunk data size exceeds partition size");
+			  return;
+			}
+
 			if(chunk_header->total_sz != (sparse_header->chunk_hdr_sz +
 											chunk_data_sz))
 			{