tools: imximage: Fix check array index

The struct dcd_v1_t is initialized to MAX_HW_CFG_SIZE_V1 (60)
 structs 'dcd_type_addr_data_t', so the indexes to use on its elements
 are [0,59]. But on line 478, the variable 'length' can take on the value
 60, which applies to array overflow: cd_v1->addr_data[length].type Thus,
 it is necessary to tighten the check on the 'size' variable on line 463.

Fixes: ceb62128e99b ("Prepare v2020.01")
Signed-off-by: Mikhail Ilin <ilin.mikhail.ol@gmail.com>

diff --git a/tools/imximage.c b/tools/imximage.c
index 5c23fba3b12162a2f81e004fa07a0fa8ea4fc115..354ee34c14a488e42e5aa753b83032e16a7262d6 100644 (file)
--- a/tools/imximage.c
+++ b/tools/imximage.c
@@ -460,7 +460,7 @@ static void print_hdr_v1(struct imx_header *imx_hdr)
        uint32_t size, length, ver;
 
        size = dcd_v1->preamble.length;
-       if (size > (MAX_HW_CFG_SIZE_V1 * sizeof(dcd_type_addr_data_t))) {
+       if (size >= (MAX_HW_CFG_SIZE_V1 * sizeof(dcd_type_addr_data_t))) {
                fprintf(stderr,
                        "Error: Image corrupt DCD size %d exceed maximum %d\n",
                        (uint32_t)(size / sizeof(dcd_type_addr_data_t)),