From 507a70b1447ae389c614ac3d04ae853922935898 Mon Sep 17 00:00:00 2001
From: Mikhail Ilin <ilin.mikhail.ol@gmail.com>
Date: Tue, 22 Nov 2022 12:34:26 +0300
Subject: tools: imximage: Fix check array index

The struct dcd_v1_t is initialized to MAX_HW_CFG_SIZE_V1 (60)
 structs 'dcd_type_addr_data_t', so the indexes to use on its elements
 are [0,59]. But on line 478, the variable 'length' can take on the value
 60, which applies to array overflow: cd_v1->addr_data[length].type Thus,
 it is necessary to tighten the check on the 'size' variable on line 463.

Fixes: 0b0c6af38738 ("Prepare v2020.01")
Signed-off-by: Mikhail Ilin <ilin.mikhail.ol@gmail.com>
---
 tools/imximage.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'tools')

diff --git a/tools/imximage.c b/tools/imximage.c
index 5c23fba3b12..354ee34c14a 100644
--- a/tools/imximage.c
+++ b/tools/imximage.c
@@ -460,7 +460,7 @@ static void print_hdr_v1(struct imx_header *imx_hdr)
 	uint32_t size, length, ver;
 
 	size = dcd_v1->preamble.length;
-	if (size > (MAX_HW_CFG_SIZE_V1 * sizeof(dcd_type_addr_data_t))) {
+	if (size >= (MAX_HW_CFG_SIZE_V1 * sizeof(dcd_type_addr_data_t))) {
 		fprintf(stderr,
 			"Error: Image corrupt DCD size %d exceed maximum %d\n",
 			(uint32_t)(size / sizeof(dcd_type_addr_data_t)),
-- 
cgit v1.3.1


From 9017785acd247c6ba60d0f0c0e9722201f0b184c Mon Sep 17 00:00:00 2001
From: Mikhail Ilin <ilin.mikhail.ol@gmail.com>
Date: Wed, 23 Nov 2022 13:48:44 +0300
Subject: tools: imx8mimage: Fix handle leak

The handle "fd" was created in imx8mimage.c:178 by calling
 the "fopen" function and is lost in imx8mimage.c:210.
 Should close the 'fd' file descriptor before exiting
 the parse_cfg_file(char *name) function.

Fixes: 6609c2663c9c ("tools: add i.MX8M image support")
Signed-off-by: Mikhail Ilin <ilin.mikhail.ol@gmail.com>
---
 tools/imx8mimage.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'tools')

diff --git a/tools/imx8mimage.c b/tools/imx8mimage.c
index 35d0a92bfdf..3ca79d865aa 100644
--- a/tools/imx8mimage.c
+++ b/tools/imx8mimage.c
@@ -207,6 +207,7 @@ static uint32_t parse_cfg_file(char *name)
 		}
 	}
 
+	fclose(fd);
 	return 0;
 }
 
-- 
cgit v1.3.1


From f75e92f7f7bffe724dccd6769b37f95e0aa7842c Mon Sep 17 00:00:00 2001
From: Mikhail Ilin <ilin.mikhail.ol@gmail.com>
Date: Wed, 23 Nov 2022 13:59:49 +0300
Subject: tools: imx8image: Fix handle leak

The handle "fd" was created in imx8image.c:249 by calling the "fopen"
 function and is lost in imx8image.c:282.
 Should close the 'fd' file descriptor before exiting the
 parse_cfg_file(image_t *param_stack, char *name) function.

Fixes: a2b96ece5be1 ("tools: add i.MX8/8X image support")
Signed-off-by: Mikhail Ilin <ilin.mikhail.ol@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
---
 tools/imx8image.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'tools')

diff --git a/tools/imx8image.c b/tools/imx8image.c
index 01e14869114..395d5c64bdf 100644
--- a/tools/imx8image.c
+++ b/tools/imx8image.c
@@ -279,6 +279,7 @@ static uint32_t parse_cfg_file(image_t *param_stack, char *name)
 		}
 	}
 
+	fclose(fd);
 	return 0;
 }
 
-- 
cgit v1.3.1