From b701bb14c6fc82edfb07c2f6087b96e36dd48efe Mon Sep 17 00:00:00 2001
From: Ville Syrjälä
Date: Wed, 25 Mar 2015 20:23:30 +0200
Subject: intel_bios_reader: Don't explode looking for the devid
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Check that the offset where expect to find the device id is withing the BIOS image, instead of accessing whatever (if anything) happens to be there.

Signed-off-by: Ville Syrjälä
---
 tools/intel_bios_reader.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
(limited to 'tools')
diff --git a/tools/intel_bios_reader.c b/tools/intel_bios_reader.c
index a5412f5a..bb6139eb 100644
--- a/tools/intel_bios_reader.c
+++ b/tools/intel_bios_reader.c
@@ -1055,11 +1055,14 @@ err:
 static int
-get_device_id(unsigned char *bios)
+get_device_id(unsigned char *bios, int size)
 {
 int device;
 int offset = (bios[0x19] << 8) + bios[0x18];
+ if (offset + 7 >= size)
+ return -1;
+
 if (bios[offset] != 'P' ||
 bios[offset+1] != 'C' ||
 bios[offset+2] != 'I' ||
@@ -1299,7 +1302,7 @@ int main(int argc, char **argv)
 printf("\n");
 if (devid == -1)
- devid = get_device_id(VBIOS);
+ devid = get_device_id(VBIOS, size);
 if (devid == -1)
 printf("Warning: could not find PCI device ID!\n");
-- cgit v1.2.3
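Review bot: The added bounds check in get_device_id() only protects the reads from `bios[offset]` onward. The initializer `int offset = (bios[0x19] << 8) + bios[0x18];` still runs before `size` is consulted, so a truncated image shorter than 0x1a bytes is read out of bounds while fetching the pointer itself. Declaring `int offset;`, then `if (size < 0x1a) return -1;`, then `offset = (bios[0x19] << 8) + bios[0x18];` would close that gap. The `+ 7` presumably matches the highest index read later in the function, whose body continues outside the hunk. A short comment such as `/* PCI data structure: bytes offset..offset+7 must lie inside the image */` would record where the constant comes from.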