On Tue, Jun 10, 2025 at 09:58:28PM -0500, Bjorn Andersson wrote:
When the MDT loader is used in remoteproc, the ELF header is sanitized beforehand, but that's not necessary the case for other clients.
Validate the size of the firmware buffer to ensure that we don't read past the end as we iterate over the header. e_phentsize and e_shentsize are validated as well, to ensure that the assumptions about step size in the traversal are valid.
Fixes: 2aad40d911ee ("remoteproc: Move qcom_mdt_loader into drivers/soc/qcom") Cc: stable@vger.kernel.org Reported-by: Doug Anderson dianders@chromium.org Signed-off-by: Bjorn Andersson bjorn.andersson@oss.qualcomm.com
drivers/soc/qcom/mdt_loader.c | 43 +++++++++++++++++++++++++++++++++++++++++++
Reviewed-by: Dmitry Baryshkov dmitry.baryshkov@oss.qualcomm.com
Nit: in theory we don't need to validate section headers since we don't use them in the loader. However it's better be safe than sorry.
1 file changed, 43 insertions(+)