Commit 97b3efa3 authored by Ben Walker's avatar Ben Walker
Browse files

blob: Verify parsing does not run off end of page 



Change-Id: I2663e0518705ffd23afbb69c7ae5bf5aff001c85
Signed-off-by: default avatarBen Walker <benjamin.walker@intel.com>
parent 0b89cff2

lib/blob/blobstore.c

+4 −1
Original line number Diff line number Diff line
@@ -249,8 +249,11 @@ _spdk_blob_parse_page(const struct spdk_blob_md_page *page, struct spdk_blob *bl 
		}



		/* Advance to the next descriptor */

		desc = (struct spdk_blob_md_descriptor *)((uintptr_t)desc + sizeof(*desc) + desc->length);

		cur_desc += sizeof(*desc) + desc->length;

		if (cur_desc + sizeof(*desc) > sizeof(page->descriptors)) {

			break;

		}

		desc = (struct spdk_blob_md_descriptor *)((uintptr_t)page->descriptors + cur_desc);

	}

}

lib/blob/blobstore.h

+1 −1
Original line number Diff line number Diff line
@@ -217,7 +217,7 @@ struct spdk_blob_md_page { 
	uint32_t	reserved0;



	/* Descriptors here */

	uint64_t	descriptors[509];

	uint8_t		descriptors[4072];



	uint32_t	next;

	uint32_t	crc;