
On Fri, Nov 9, 2018 at 1:37 AM Fabio Estevam festevam@gmail.com wrote:
> Hi Andrea,
>
> On Tue, Nov 6, 2018 at 12:57 PM Andrea Barisani andrea.barisani@f-secure.com wrote:
>
> > # load large file => ext2load mmc 0 0x60000000 fitimage.itb
>
> Does this change work for you? http://dark-code.bulix.org/u6gw3b-499924
My understanding was U-Boot text or stack could get overwritten which leads to the loaded bytes being executed as code. So you would have to check that the loaded range is within ram but not within that reserved range of code or stack (or heap).
Getting this reserved range is what 'boot_start_lmb' does (in bootm.c). Maybe this code can be refactored and reused in fs.c to get a valid range for loading?
Additionally, your patch checks the loaded file's size without taking the load address into account. So unless I read that wrong, your check is only valid for 'addr == 0'. Plus, the 'bytes' parameter should probably be a restriction to the file's size when checking for a valid load range.
Simon
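The check Simon asks for, as an added example that is not U-Boot code and not the patch linked above (which is not reproduced on this page): the load range [addr, addr + len) must lie inside RAM and must not overlap the relocated U-Boot text, heap or stack, and the check must use the load address, not the file size alone. The RAM window, the three reserved regions and the function names (load_range_ok, effective_len, size_only_ok) are constructed for the illustration; in U-Boot the reserved ranges would come from the LMB setup Simon refers to, and the caller would have to derive the real values from the board's memory map.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed memory map for the example: 1 GiB of DRAM at 0x60000000,
 * matching the load address used in the quoted ext2load command.
 * These are assumptions, not values taken from any real board. */
#define RAM_BASE 0x60000000ULL
#define RAM_SIZE 0x40000000ULL

struct region {
    uint64_t start;
    uint64_t size;
    const char *name;
};

/* Hypothetical reserved ranges standing in for relocated U-Boot text,
 * malloc heap and stack near the top of RAM. A real implementation
 * would take these from the LMB reservations, not from constants. */
static const struct region reserved[] = {
    { 0x9ff00000ULL, 0x00080000ULL, "u-boot text" },
    { 0x9fe00000ULL, 0x00100000ULL, "heap" },
    { 0x9fdf0000ULL, 0x00010000ULL, "stack" },
};

/* Half-open intervals [a, a+a_len) and [b, b+b_len); the caller has
 * already ruled out wrap-around, so the additions cannot overflow. */
static bool ranges_overlap(uint64_t a, uint64_t a_len, uint64_t b, uint64_t b_len)
{
    return a < b + b_len && b < a + a_len;
}

/* Size-only check of the kind criticised in the mail: it ignores addr,
 * so it only says anything useful when addr == 0. Kept here purely to
 * contrast with load_range_ok(); it is not the linked patch. */
bool size_only_ok(uint64_t len)
{
    return len <= RAM_SIZE;
}

/* Returns true when writing len bytes at addr stays inside RAM and
 * touches none of the reserved regions. Because addr is part of the
 * check, it is valid for any load address, and a wrapped range is
 * rejected rather than silently accepted. */
bool load_range_ok(uint64_t addr, uint64_t len)
{
    if (len == 0)
        return true;                 /* nothing is written */
    if (addr + len < addr)
        return false;                /* 64-bit wrap-around */
    if (addr < RAM_BASE || addr + len > RAM_BASE + RAM_SIZE)
        return false;                /* outside DRAM */
    for (size_t i = 0; i < sizeof reserved / sizeof reserved[0]; i++) {
        if (ranges_overlap(addr, len, reserved[i].start, reserved[i].size))
            return false;            /* would clobber code, heap or stack */
    }
    return true;
}

/* The 'bytes' argument of the fs load commands treated as a cap on the
 * amount written: 0 means "whole file", otherwise min(bytes, file_size).
 * This is the quantity that should be fed to load_range_ok(). */
uint64_t effective_len(uint64_t file_size, uint64_t bytes)
{
    return (bytes != 0 && bytes < file_size) ? bytes : file_size;
}

int main(void)
{
    /* A 4 KiB file loaded straight onto the reserved text region:
     * the size-only check waves it through, the range check refuses. */
    uint64_t addr = 0x9ff00000ULL;
    uint64_t len  = effective_len(0x1000, 0);
    printf("size-only: %s, range check: %s\n",
           size_only_ok(len) ? "ok" : "reject",
           load_range_ok(addr, len) ? "ok" : "reject");
    return 0;
}
```

The point of carrying both functions is the contrast in main(): for a load that lands on the text region, size_only_ok() passes and load_range_ok() rejects, which is exactly the gap described in the mail when the check does not take addr into account.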