Improve coreboot image detection heuristic
It's not absolutely perfect, but the likelihood of this check to fail is
0.000000000000000000000000013 (1.3*10^-26) which is good enough for me.
Corresponding to flashrom svn r292 and coreboot v2 svn r3408.
Signed-off-by: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006@gmx.net>
Acked-by: Stefan Reinauer <stepan@coresystems.de>
diff --git a/layout.c b/layout.c
index a738fb2..f41e0ea 100644
--- a/layout.c
+++ b/layout.c
@@ -21,6 +21,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <ctype.h>
#include <stdint.h>
#include "flash.h"
@@ -57,7 +58,18 @@
walk--;
}
- if ((*walk) == 0 || ((*walk) & 0x3ff) != 0) {
+ /*
+ * Check if coreboot last image size is 0 or not a multiple of 1k or
+ * bigger than the chip or if the pointers to vendor ID or mainboard ID
+ * are outside the image of if the start of ID strings are nonsensical
+ * (nonprintable and not \0).
+ */
+ if ((*walk) == 0 || ((*walk) & 0x3ff) != 0 || *walk > size ||
+ *(walk - 1) > size || *(walk - 2) > size ||
+ (!isprint((const char *)(bios + size - *(walk - 1))) &&
+ ((const char *)(bios + size - *(walk - 1)))) ||
+ (!isprint((const char *)(bios + size - *(walk - 2))) &&
+ ((const char *)(bios + size - *(walk - 2))))) {
printf("Flash image seems to be a legacy BIOS. Disabling checks.\n");
mainboard_vendor = def_name;
mainboard_part = def_name;
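Review bot: The two ID-string tests in the new condition pass a pointer to `isprint()` rather than the byte it points to, and the `&&` operand next to each is a bare pointer that is always non-null, so the "nonprintable and not \0" part of the heuristic never looks at the image contents. Both offsets need a dereference, e.g. `!isprint(*(const unsigned char *)(bios + size - *(walk - 1)))` paired with `*(const char *)(bios + size - *(walk - 1)) != '\0'`, and the same for `*(walk - 2)`. Once the bytes are actually read, an offset of 0 still passes the `> size` checks but addresses `bios + size`, which is presumably one past the image buffer, so `*(walk - 1) == 0` and `*(walk - 2) == 0` should be rejected as well. The enclosing function starts and ends outside the hunk, so the types of `walk`, `bios` and `size` should be confirmed there.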