Check that there is enough space for AvbDescriptor
Test: put corrupted apex on /system_ext/apex
Test: verified it's not activated
Test: atest --host libavb_host_unittest
Bug: 146516087
Change-Id: Ic85cbd580b4a5e6514db68359e78fae7455e0fb8
diff --git a/libavb/avb_descriptor.c b/libavb/avb_descriptor.c
index cfc2aac..7030a40 100644
--- a/libavb/avb_descriptor.c
+++ b/libavb/avb_descriptor.c
@@ -88,6 +88,10 @@
}
for (p = desc_start; p < desc_end;) {
+ if (p + sizeof(AvbDescriptor) > desc_end) {
+ avb_error("Invalid descriptor length.\n");
+ goto out;
+ }
const AvbDescriptor* dh = (const AvbDescriptor*)p;
avb_assert_aligned(dh);
uint64_t nb_following = avb_be64toh(dh->num_bytes_following);