Skip to content

[delta] Add bounds checks for delta image #693

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
dgarske merged 4 commits into from
Feb 24, 2026
Merged

[delta] Add bounds checks for delta image #693

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
96228bd
Added boundary checks for delta image
danielinux Feb 24, 2026
b180574
Addressed copilot's comments
danielinux Feb 24, 2026
a4dc9c3
Use partition size as bound if header sector is erased
danielinux Feb 24, 2026
c9d94d6
Using 'len' iso magic number 70000 in test
danielinux Feb 24, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions src/delta.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -118,6 +118,9 @@ int wb_patch(WB_PATCH_CTX *ctx, uint8_t *dst, uint32_t len)
sz = ctx->blk_sz;
if (sz > len)
sz = len;
if (ctx->blk_off > ctx->src_size ||
sz > ctx->src_size - ctx->blk_off)
return -1;
Comment thread
danielinux marked this conversation as resolved.
Outdated
memcpy(dst + dst_off, ctx->src_base + ctx->blk_off, sz);
if (ctx->blk_sz > len) {
ctx->blk_sz -= len;
Expand Down Expand Up @@ -150,6 +153,9 @@ int wb_patch(WB_PATCH_CTX *ctx, uint8_t *dst, uint32_t len)
} else {
copy_sz = sz;
}
if (src_off > ctx->src_size ||
copy_sz > ctx->src_size - src_off)
return -1;
memcpy(dst + dst_off, ctx->src_base + src_off, copy_sz);
Comment thread
danielinux marked this conversation as resolved.
if (sz == copy_sz) {
/* End of the block, reset counters and matching state */
Expand Down
45 changes: 45 additions & 0 deletions tools/unit-tests/unit-delta.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,49 @@ START_TEST(test_wb_patch_init_invalid)
}
END_TEST

START_TEST(test_wb_patch_src_bounds_invalid)
{
WB_PATCH_CTX patch_ctx;
uint8_t src[SRC_SIZE] = {0};
uint8_t patch[PATCH_SIZE] = {0};
uint8_t dst[DELTA_BLOCK_SIZE] = {0};
int ret;

/* ESC + header with src_off beyond src_size */
patch[0] = ESC;
patch[1] = 0x00; /* off[0] */
patch[2] = 0x10; /* off[1] -> 0x001000 */
patch[3] = 0x00; /* off[2] */
Comment thread
danielinux marked this conversation as resolved.
Outdated
patch[4] = 0x00; /* sz[0] */
patch[5] = 0x10; /* sz[1] -> 16 */

ret = wb_patch_init(&patch_ctx, src, SRC_SIZE, patch, BLOCK_HDR_SIZE);
ck_assert_int_eq(ret, 0);

ret = wb_patch(&patch_ctx, dst, sizeof(dst));
ck_assert_int_eq(ret, -1);
}
END_TEST

START_TEST(test_wb_patch_resume_bounds_invalid)
{
WB_PATCH_CTX patch_ctx;
uint8_t src[SRC_SIZE] = {0};
uint8_t patch[PATCH_SIZE] = {0};
uint8_t dst[DELTA_BLOCK_SIZE] = {0};
int ret;

ret = wb_patch_init(&patch_ctx, src, SRC_SIZE, patch, BLOCK_HDR_SIZE);
ck_assert_int_eq(ret, 0);

patch_ctx.matching = 1;
patch_ctx.blk_off = SRC_SIZE + 1;
patch_ctx.blk_sz = 4;

ret = wb_patch(&patch_ctx, dst, sizeof(dst));
ck_assert_int_eq(ret, -1);
}
END_TEST

START_TEST(test_wb_diff_init_invalid)
{
Expand Down Expand Up @@ -162,6 +205,8 @@ Suite *patch_diff_suite(void)

tcase_add_test(tc_wolfboot_delta, test_wb_patch_init_invalid);
tcase_add_test(tc_wolfboot_delta, test_wb_diff_init_invalid);
tcase_add_test(tc_wolfboot_delta, test_wb_patch_src_bounds_invalid);
tcase_add_test(tc_wolfboot_delta, test_wb_patch_resume_bounds_invalid);
tcase_add_test(tc_wolfboot_delta, test_wb_patch_and_diff);
suite_add_tcase(s, tc_wolfboot_delta);

Expand Down
Loading