aboutsummaryrefslogtreecommitdiffstats
path: root/target/linux/generic/files/drivers
diff options
context:
space:
mode:
Diffstat (limited to 'target/linux/generic/files/drivers')
-rw-r--r--target/linux/generic/files/drivers/mtd/mtdsplit/mtdsplit_wrgg.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/target/linux/generic/files/drivers/mtd/mtdsplit/mtdsplit_wrgg.c b/target/linux/generic/files/drivers/mtd/mtdsplit/mtdsplit_wrgg.c
index 5ce7625731..6c137c52ec 100644
--- a/target/linux/generic/files/drivers/mtd/mtdsplit/mtdsplit_wrgg.c
+++ b/target/linux/generic/files/drivers/mtd/mtdsplit/mtdsplit_wrgg.c
@@ -72,6 +72,16 @@ static int mtdsplit_parse_wrgg(struct mtd_info *master,
/* sanity checks */
if (le32_to_cpu(hdr.magic1) == WRGG03_MAGIC) {
kernel_ent_size = hdr_len + be32_to_cpu(hdr.size);
+ /*
+ * If this becomes silly big it's probably because the
+ * WRGG image is little-endian.
+ */
+ if (kernel_ent_size > master->size)
+ kernel_ent_size = hdr_len + le32_to_cpu(hdr.size);
+
+ /* Now what ?! It's neither */
+ if (kernel_ent_size > master->size)
+ return -EINVAL;
} else if (le32_to_cpu(hdr.magic1) == WRG_MAGIC) {
kernel_ent_size = sizeof(struct wrg_header) + le32_to_cpu(
((struct wrg_header*)&hdr)->size);
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-30 12:09:13 +0000