:: commit 2c42879407b89f3d6c6601ae72c66ff33d733fde
lib/elf: Check image_size against SIZE_MAX in elf32_load_elsewhere
diff --git a/common/lib/elf.c b/common/lib/elf.c
index d6b46670..4fd4a7fa 100644
--- a/common/lib/elf.c
+++ b/common/lib/elf.c
@@ -1065,7 +1065,6 @@ bool elf32_load_elsewhere(uint8_t *elf, size_t file_size, uint64_t *entry_point,
panic(true, "elf: Program header table extends beyond file bounds");
}
- size_t image_size = 0;
uint64_t min_paddr = (uint64_t)-1;
uint64_t max_paddr = 0;
for (uint16_t i = 0; i < hdr->ph_num; i++) {
@@ -1084,7 +1083,11 @@ bool elf32_load_elsewhere(uint8_t *elf, size_t file_size, uint64_t *entry_point,
max_paddr = top;
}
}
- image_size = max_paddr - min_paddr;
+ uint64_t image_size_64 = max_paddr - min_paddr;
+ if (image_size_64 > SIZE_MAX) {
+ panic(true, "elf: Image size exceeds address space");
+ }
+ size_t image_size = (size_t)image_size_64;
void *elsewhere = ext_mem_alloc(image_size);
