www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Ping-Ke Shih <pkshih@realtek.com>
	Mon, 3 Feb 2025 07:29:10 +0000 (15:29 +0800)
committer	Ping-Ke Shih <pkshih@realtek.com>
	Mon, 10 Feb 2025 03:01:51 +0000 (11:01 +0800)
commit	1f0efffd597893404aea5c3d4f1bdaa1c61d4434
tree	076702fb5e2a174e983baf06b800120188c9918a	tree
parent	5dde1a569c13d1c97cde8445c2abcd3114f6e6ca	commit \| diff

wifi: rtw89: fw: validate multi-firmware header before accessing

A firmeware file contains multi-firmware with a header to represent
contents. The mfw_hdr->fw_nr is to define number of firmware in file.

         +-----+-------+------+---------+--------------+
         | sig | fw_nr | rsvd | version | reserved     |
         +---------------------------------------------+ --
fw 0    | cv | type | mp | rsvd | shift | size | rsvd |   \
         +---------------------------------------------+   |
fw 1    | cv | type | mp | rsvd | shift | size | rsvd |   | mfw_hdr->fw_nr
         +---------------------------------------------+   |
fw N-1  |                  ...                        |   /
         +=============================================+ --
         |               fw 0 content                  |
         |       (pointed by fw0 shift/size)           |
         +=============================================+

To avoid Coverity warning, validate header is in range of firmware size,
and also validate the range of actual firmware content is in range.

Addresses-Coverity-ID: 1494046 ("Untrusted loop bound")

Signed-off-by: Ping-Ke Shih <pkshih@realtek.com>
Link: https://patch.msgid.link/20250203072911.47313-4-pkshih@realtek.com