diff mbox

[edk2,1/5] EmbeddedPkg: do not ASSERT() on valid external input

Message ID 1430837315-7388-2-git-send-email-ard.biesheuvel@linaro.org
State New
Headers show

Commit Message

Ard Biesheuvel May 5, 2015, 2:48 p.m. UTC 
Since ASSERT()s are enabled even on all ArmPlatformPkg RELEASE
builds, ASSERT()ing on a valid FDT header will crash the firmware
if the user selects an incorrect file. Since ASSERT() is meant to
catch internal inconsistencies in the firmware, its use here is
inappropriate.

Instead, handle it as a normal error condition.

Contributed-under: TianoCore Contribution Agreement 1.0
Reviewed-by: Olivier Martin <olivier.martin@arm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 EmbeddedPkg/Drivers/FdtPlatformDxe/FdtPlatform.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
diff mbox

Patch

diff --git a/EmbeddedPkg/Drivers/FdtPlatformDxe/FdtPlatform.c b/EmbeddedPkg/Drivers/FdtPlatformDxe/FdtPlatform.c
index e777b0f7f7ed..90ac9d36d5e9 100644
--- a/EmbeddedPkg/Drivers/FdtPlatformDxe/FdtPlatform.c
+++ b/EmbeddedPkg/Drivers/FdtPlatformDxe/FdtPlatform.c
@@ -404,15 +404,16 @@  InstallFdt (
     goto Error;
   }
 
-  // Check the FDT header is valid. We only make this check in DEBUG mode in
-  // case the FDT header change on production device and this ASSERT() becomes
-  // not valid.
-  ASSERT (fdt_check_header ((VOID*)(UINTN)FdtBlobBase) == 0);
-
   //
-  // Ensure the Size of the Device Tree is smaller than the size of the read file
+  // Ensure that the FDT header is valid and that the Size of the Device Tree
+  // is smaller than the size of the read file
   //
-  ASSERT ((UINTN)fdt_totalsize ((VOID*)(UINTN)FdtBlobBase) <= FdtBlobSize);
+  if (fdt_check_header ((VOID*)(UINTN)FdtBlobBase) != 0 ||
+      (UINTN)fdt_totalsize ((VOID*)(UINTN)FdtBlobBase) > FdtBlobSize) {
+    DEBUG ((EFI_D_ERROR, "InstallFdt() - loaded FDT binary image seems corrupt\n"));
+    Status = EFI_LOAD_ERROR;
+    goto Error;
+  }
 
   //
   // Store the FDT as Runtime Service Data to prevent the Kernel from