From patchwork Tue Aug 14 00:43:09 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Eugeniu Rosca <roscaeugeniu@gmail.com>
X-Patchwork-Id: 957323
X-Patchwork-Delegate: trini@ti.com
Return-Path: <u-boot-bounces@lists.denx.de>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=lists.denx.de
	(client-ip=81.169.180.215; helo=lists.denx.de;
	envelope-from=u-boot-bounces@lists.denx.de;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=fail (p=none dis=none) header.from=gmail.com
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="ORYKNZgu"; dkim-atps=neutral
Received: from lists.denx.de (dione.denx.de [81.169.180.215])
	by ozlabs.org (Postfix) with ESMTP id 41qDST14Wsz9s8f
	for <incoming@patchwork.ozlabs.org>;
	Tue, 14 Aug 2018 10:46:48 +1000 (AEST)
Received: by lists.denx.de (Postfix, from userid 105)
	id B2453C21E3A; Tue, 14 Aug 2018 00:45:46 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=0.0 required=5.0 tests=FREEMAIL_FROM,
	RCVD_IN_MSPIKE_H2,
	T_DKIM_INVALID autolearn=unavailable autolearn_force=no
	version=3.4.0
Received: from lists.denx.de (localhost [IPv6:::1])
	by lists.denx.de (Postfix) with ESMTP id 87B81C21DD4;
	Tue, 14 Aug 2018 00:45:43 +0000 (UTC)
Received: by lists.denx.de (Postfix, from userid 105)
	id 6E280C21E08; Tue, 14 Aug 2018 00:44:18 +0000 (UTC)
Received: from mail-wr1-f65.google.com (mail-wr1-f65.google.com
	[209.85.221.65])
	by lists.denx.de (Postfix) with ESMTPS id 8148EC21DFF
	for <u-boot@lists.denx.de>; Tue, 14 Aug 2018 00:44:15 +0000 (UTC)
Received: by mail-wr1-f65.google.com with SMTP id v14-v6so15733608wro.5
	for <u-boot@lists.denx.de>; Mon, 13 Aug 2018 17:44:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=Ry3t8jDnEiX41BjT0SaoYlf1zMSta/6v7xx0XeGJL3c=;
	b=ORYKNZguvHW52MmWOzZCBkGKUejWnIX6UQ6jmL+/Go5h060vbF5L17GCghtppamQdp
	5aa/x1f6W1r9P5TRBb00rqO3Fs79VrOwBP1y5ZNQfCpys6bYIYuApJS/WsbJu3h3eEXq
	OZVx1A1RMqhdHzTH1V5Unpt7mBPvhW6nG00s5ZGy5GgiGj4jgipxKJnvABHFygWZlTyb
	pQu6OZfB0tF1/BBzOVjxjrZrVLAsrri0cjiuGw/4qxNC7LB5gKZJykWJjY6AuVV9X6ZN
	Fz2eM5TUGT7Rooud4OcLnKvEyTDuUZH8g/MqTF2z0RwmLc5vej1IYqysGpw61y78KSec
	vGAQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=Ry3t8jDnEiX41BjT0SaoYlf1zMSta/6v7xx0XeGJL3c=;
	b=QvatP4gFbC+vtJvrR8oGxa81EFWV9w/s8LVwr9oi3A8aVj032a0sP9RulCBuxhNWdT
	wZZjmqSRSpB9UYhDD8q2F5VvcL7oXRyj/K1uq+vxju7FhjKzy9RVUUptPkB/O/kll8e+
	npsqZNnpcAvXFwIWJ1ZP/y/5yyzS+rtwfCx+WczYBM5imHnvIz6PBXgNDkAJnlqkqYti
	O9+7vT4T//uJuhI533RfwxxRXb0WbJa10bW/KE7Hyg7697DMp12prIsD5KasKpkytb1k
	cdOd1KZp5LBcJ9uyE6rBmVYnlcHQ1hjGm+uP0RzMeG+Jr70D6FlEgmc63bP+XCB/LsaU
	YQcw==
X-Gm-Message-State: AOUpUlGbDFOyM1kNjvivfeGj0tGERt/N22i4cj6mde2vtjIubMiwXWei
	pp9TljvzPdTVPqoRDH1Hxis=
X-Google-Smtp-Source: 
 AA+uWPy8ggmIXNMCM6TTljGRs/SV17NZoiaa2Ku++3tnHQblFYIlDubScemD8oHtYHRNg+kTMj6TbA==
X-Received: by 2002:adf:b3d7:: with SMTP id
	x23-v6mr11929163wrd.253.1534207455223;
	Mon, 13 Aug 2018 17:44:15 -0700 (PDT)
Received: from localhost.localdomain
	(ipb218f402.dynamic.kabel-deutschland.de. [178.24.244.2])
	by smtp.gmail.com with ESMTPSA id
	66-v6sm23832576wmw.34.2018.08.13.17.44.14
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Mon, 13 Aug 2018 17:44:14 -0700 (PDT)
From: Eugeniu Rosca <roscaeugeniu@gmail.com>
X-Google-Original-From: Eugeniu Rosca <erosca@de.adit-jv.com>
To: Igor Opaniuk <igor.opaniuk@linaro.org>,
	u-boot@lists.denx.de
Date: Tue, 14 Aug 2018 02:43:09 +0200
Message-Id: <20180814004309.15271-7-erosca@de.adit-jv.com>
X-Mailer: git-send-email 2.18.0
In-Reply-To: <20180814004309.15271-1-erosca@de.adit-jv.com>
References: <20180814004309.15271-1-erosca@de.adit-jv.com>
Cc: Eugeniu Rosca <erosca@de.adit-jv.com>
Subject: [U-Boot] [PATCH 7/7] common: avb_verify: Fix division by zero in
	mmc_byte_io()
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <http://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=subscribe>
MIME-Version: 1.0
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>

Compiling U-Boot with ubsan/asan libraries and running it in sandbox
may lead to below backtrace:

 => avb init 0
 => avb verify
 ## Android Verified Boot 2.0 version 1.1.0
read_is_device_unlocked not supported yet
common/avb_verify.c:407:31: runtime error: division by zero
AddressSanitizer:DEADLYSIGNAL
Reviewed-by: Igor Opaniuk <igor.opaniuk@linaro.org>

=================================================================
==9388==ERROR: AddressSanitizer: FPE on unknown address 0x0000004b467f \
    (pc 0x0000004b467f bp 0x000000000000 sp 0x7ffd899fe150 T0)
    #0 0x4b467e in mmc_byte_io common/avb_verify.c:407
    #1 0x4b4c47 in mmc_byte_io common/avb_verify.c:532
    #2 0x4b4c47 in read_from_partition common/avb_verify.c:533
    #3 0x69dc0d in load_and_verify_vbmeta lib/libavb/avb_slot_verify.c:560
    #4 0x6a1ee6 in avb_slot_verify lib/libavb/avb_slot_verify.c:1139
    #5 0x45dabd in do_avb_verify_part cmd/avb.c:245
    #6 0x4af77c in cmd_call common/command.c:499
    #7 0x4af77c in cmd_process common/command.c:538
    #8 0x46bafc in run_pipe_real common/cli_hush.c:1677
    #9 0x46bafc in run_list_real common/cli_hush.c:1875
    #10 0x46c780 in run_list common/cli_hush.c:2024
    #11 0x46c780 in parse_stream_outer common/cli_hush.c:3216
    #12 0x46d34b in parse_file_outer common/cli_hush.c:3299
    #13 0x4ad609 in cli_loop common/cli.c:217
    #14 0x4625ae in main_loop common/main.c:65
    #15 0x46f2d1 in run_main_loop common/board_r.c:648
    #16 0x640253 in initcall_run_list lib/initcall.c:30
    #17 0x46f9d0 in board_init_r common/board_r.c:879
    #18 0x40539b in main arch/sandbox/cpu/start.c:321
    #19 0x7fa94925f82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #20 0x408908 in _start (/srv/R/u-boot-master/u-boot+0x408908)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: FPE common/avb_verify.c:407 in mmc_byte_io
==9388==ABORTING

Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com>
---
 common/avb_verify.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/common/avb_verify.c b/common/avb_verify.c
index 3d2b4cbad92d..759df7bd25c0 100644
--- a/common/avb_verify.c
+++ b/common/avb_verify.c
@@ -402,6 +402,9 @@ static AvbIOResult mmc_byte_io(AvbOps *ops,
 	if (!part)
 		return AVB_IO_RESULT_ERROR_NO_SUCH_PARTITION;
 
+	if (!part->info.blksz)
+		return AVB_IO_RESULT_ERROR_IO;
+
 	start_offset = calc_offset(part, offset);
 	while (num_bytes) {
 		start_sector = start_offset / part->info.blksz;