summaryrefslogtreecommitdiff
path: root/src/apps/http/makefsdata
diff options
context:
space:
mode:
authorAristo Chen <[email protected]>2026-06-19 14:45:51 +0000
committerTom Rini <[email protected]>2026-07-01 12:42:23 -0600
commit3900903a588964555c9e76cca53ada7d217c00f7 (patch)
treea09aa1079422bb3c96934a40b71744477fa48a30 /src/apps/http/makefsdata
parent204eefab537f8f662abdbbce09eb6b5884ae699d (diff)
bootm: move OS index bound check into the legacy path
Commit 103b1e7ce8cc ("bootm: bound-check OS index in bootm_os_get_boot_func()") added a range check to the shared accessor so an out-of-range OS id can no longer drive an out-of-bounds read of boot_os[]. That accessor is reached by every image format, but only a legacy uImage can deliver an unchecked value. bootm_find_os() takes the raw 8-bit ih_os byte straight from image_get_os() for legacy images, whereas the FIT path reaches the accessor only after fit_image_load() has rejected any image whose os is not one of the supported types, and the Android path hardcodes IH_OS_LINUX. The check can therefore never fail for FIT, where it only adds confusion and code. Move the test to the legacy branch of bootm_find_os(), rejecting an out-of-range OS where the untrusted byte enters. This keeps the FIT path clear and lets the check be compiled out when CONFIG_LEGACY_IMAGE_FORMAT is disabled. A valid OS id that has no handler is still reported by the existing NULL return path in bootm_run_states(). Suggested-by: Simon Glass <[email protected]> Signed-off-by: Aristo Chen <[email protected]> Reviewed-by: Simon Glass <[email protected]>
Diffstat (limited to 'src/apps/http/makefsdata')
0 files changed, 0 insertions, 0 deletions