Snap for 6449999 from b7fe9c3b204c94975335e38f3296b418c1ba9bb0 to rvc-d1-release
Change-Id: I294dd8ae4fbc11de2833edc7721b573ba52aad81
diff --git a/libavb/avb_descriptor.c b/libavb/avb_descriptor.c
index cfc2aac..7030a40 100644
--- a/libavb/avb_descriptor.c
+++ b/libavb/avb_descriptor.c
@@ -88,6 +88,10 @@
}
for (p = desc_start; p < desc_end;) {
+ if (p + sizeof(AvbDescriptor) > desc_end) {
+ avb_error("Invalid descriptor length.\n");
+ goto out;
+ }
const AvbDescriptor* dh = (const AvbDescriptor*)p;
avb_assert_aligned(dh);
uint64_t nb_following = avb_be64toh(dh->num_bytes_following);