futility: fix segfault when displaying truncated kernels

Also added a test for it. BUG=none BRANCH=none TEST=make runtests Change-Id: I108c75d114400e664f0ad1f29038a94cb1effd54 Signed-off-by: Bill Richardson <wfrichar@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/233037 Reviewed-by: Randall Spangler <rspangler@chromium.org>
2026-01-11 18:35:28 +00:00 · 2014-12-02 19:31:38 -08:00
parent 108d991c67
commit bd2eb59ded
2 changed files with 24 additions and 2 deletions
--- a/futility/cmd_show.c
+++ b/futility/cmd_show.c
@@ -382,7 +382,7 @@ int futil_cb_show_kernel_preamble(struct futil_traverse_state_s *state)
 	uint32_t len = state->my_area->len;
 	VbPublicKey *sign_key = option.k;
 	uint8_t *kernel_blob = 0;
-	uint64_t kernel_size;
+	uint64_t kernel_size = 0;
 	int good_sig = 0;
 	int retval = 0;

@@ -441,7 +441,7 @@ int futil_cb_show_kernel_preamble(struct futil_traverse_state_s *state)
 		/* It's in a separate file, which we've already read in */
 		kernel_blob = option.fv;
 		kernel_size = option.fv_size;
-	} else {
+	} else if (state->my_area->len > option.padding) {
 		/* It should be at an offset within the input file. */
 		kernel_blob = state->my_area->buf + option.padding;
 		kernel_size = state->my_area->len - option.padding;
--- a/tests/futility/test_show_kernel.sh
+++ b/tests/futility/test_show_kernel.sh
@@ -50,6 +50,28 @@ ${FUTILITY} show ${TMP}.kernel.test \

 echo 'Test kernel blob looks good'

+# Mess up the padding, make sure it fails.
+rc=0
+${FUTILITY} show ${TMP}.kernel.test \
+    --pad 0x100 \
+    --publickey ${DEVKEYS}/kernel_subkey.vbpubk \
+  || rc=$?
+[ $rc -ne 0 ]
+[ $rc -lt 128 ]
+
+echo 'Invalid args are invalid'
+
+# Look waaaaaay off the end of the file, make sure it fails.
+rc=0
+${FUTILITY} show ${TMP}.kernel.test \
+    --pad 0x100000 \
+    --publickey ${DEVKEYS}/kernel_subkey.vbpubk \
+  || rc=$?
+[ $rc -ne 0 ]
+[ $rc -lt 128 ]
+
+echo 'Really invalid args are still invalid'
+
 # cleanup
 rm -rf ${TMP}*
 exit 0