From ecab4fce51016418c3caae75f9f17b187cc3e0e8 Mon Sep 17 00:00:00 2001
From: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006@gmx.net>
Date: Thu, 3 Jul 2008 14:40:06 +0000
Subject: Improve coreboot image detection heuristic

It's not absolutely perfect, but the likelihood of this check to fail is
0.000000000000000000000000013 (1.3*10^-26) which is good enough for me.

Corresponding to flashrom svn r292 and coreboot v2 svn r3408.

Signed-off-by: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006@gmx.net>
Acked-by: Stefan Reinauer <stepan@coresystems.de>
---
 layout.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

(limited to 'layout.c')

diff --git a/layout.c b/layout.c
index a738fb22..f41e0ea3 100644
--- a/layout.c
+++ b/layout.c
@@ -21,6 +21,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <ctype.h>
 #include <stdint.h>
 #include "flash.h"
 
@@ -57,7 +58,18 @@ int show_id(uint8_t *bios, int size, int force)
 		walk--;
 	}
 
-	if ((*walk) == 0 || ((*walk) & 0x3ff) != 0) {
+	/*
+	 * Check if coreboot last image size is 0 or not a multiple of 1k or
+	 * bigger than the chip or if the pointers to vendor ID or mainboard ID
+	 * are outside the image of if the start of ID strings are nonsensical
+	 * (nonprintable and not \0).
+	 */
+	if ((*walk) == 0 || ((*walk) & 0x3ff) != 0 || *walk > size ||
+		*(walk - 1) > size || *(walk - 2) > size ||
+		(!isprint((const char *)(bios + size - *(walk - 1))) &&
+		((const char *)(bios + size - *(walk - 1)))) ||
+		(!isprint((const char *)(bios + size - *(walk - 2))) &&
+		((const char *)(bios + size - *(walk - 2))))) {
 		printf("Flash image seems to be a legacy BIOS. Disabling checks.\n");
 		mainboard_vendor = def_name;
 		mainboard_part = def_name;
-- 
cgit v1.2.3