From 9a59b04c8ed8b57537f2f3cbcb06645575f64ac1 Mon Sep 17 00:00:00 2001
From: Vijay Kumar Pendoti <vpendo@codeaurora.org>
Date: Thu, 9 Jun 2016 19:34:01 +0530
Subject: app: aboot: add integer overflow in booting from emmc

Added integer overflow checks in case of booting from emmc.

Change-Id: If251c7d83a8658a6507e4bbc2a4b86a777505081
---
 app/aboot/aboot.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/app/aboot/aboot.c b/app/aboot/aboot.c
index b59aa5d..6418ecb 100644
--- a/app/aboot/aboot.c
+++ b/app/aboot/aboot.c
@@ -1077,8 +1077,16 @@ int boot_linux_from_mmc(void)
 
 #if DEVICE_TREE
 	dt_actual = ROUND_TO_PAGE(hdr->dt_size, page_mask);
+	if (UINT_MAX < ((uint64_t)kernel_actual + (uint64_t)ramdisk_actual+ (uint64_t)dt_actual + page_size)) {
+		dprintf(CRITICAL, "Integer overflow detected in bootimage header fields at %u in %s\n",__LINE__,__FILE__);
+		return -1;
+	}
 	imagesize_actual = (page_size + kernel_actual + ramdisk_actual + dt_actual);
 #else
+	if (UINT_MAX < ((uint64_t)kernel_actual + (uint64_t)ramdisk_actual + page_size)) {
+		dprintf(CRITICAL, "Integer overflow detected in bootimage header fields at %u in %s\n",__LINE__,__FILE__);
+		return -1;
+	}
 	imagesize_actual = (page_size + kernel_actual + ramdisk_actual);
 #endif
 
-- 
cgit v1.1