Switch to using the zerocopy crate for all parsers #384
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
chenxiaolong
force-pushed
the
zerocopy
branch
from
776f028 to
3cb534f
Compare
Signed-off-by: Andrew Gunnerson <[email protected]>
>=0.8.10 is needed for the new read_from_io()/write_to_io() helper functions. Signed-off-by: Andrew Gunnerson <[email protected]>
This commit also adds support for parsing FEC images with unknown extra custom fields. Signed-off-by: Andrew Gunnerson <[email protected]>
Signed-off-by: Andrew Gunnerson <[email protected]>
Signed-off-by: Andrew Gunnerson <[email protected]>
Signed-off-by: Andrew Gunnerson <[email protected]>
This commit also fixes a bug where avb::Header::release_string was allowed to take the full 48-bytes, which was incorrect because libavb expects the field to be NULL-terminated. This was not a problem in practice because the release string is usually short and even if it wasn't, the 80 reserved bytes that immediately follow it are all zeros. Signed-off-by: Andrew Gunnerson <[email protected]>
Signed-off-by: Andrew Gunnerson <[email protected]>
Signed-off-by: Andrew Gunnerson <[email protected]>
Signed-off-by: Andrew Gunnerson <[email protected]>
Signed-off-by: Andrew Gunnerson <[email protected]>
chenxiaolong
force-pushed
the
zerocopy
branch
from
3cb534f to
5c353a5
Compare
chenxiaolong
added a commit
that referenced
this pull request
Dec 1, 2024
Signed-off-by: Andrew Gunnerson <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
All parsers now read and write headers as entire structs (safely) via the zerocopy crate instead of reading/writing them field-by-field.
This PR also fixes a bug in how the AVB/vbmeta parser handled the
release_stringfield. The field is 48 bytes in length, but the string must be NULL terminated. When writing the AVB header, a 48-byte string was accepted as valid and left not-NULL-terminated, instead of failing.In practice, the security concern is extremely minimal. avbroot preserves the original
release_string, which is alwaysavbtool 1.2.0oravbtool 1.3.0for AVB headers created by AOSP'savbtool(it is hardcoded). However, even if it the AVB headers had a 48-byte string, any bootloader that's based on AOSP's reference libavb implementation will not perform an out-of-bounds read because it checks that the last byte is 0. (And even if it doesn't, the 80 reserved bytes that immediately followrelease_stringare almost certainly filled with zeros.)Finally, the FEC parser was extended so that it can parse FEC images with unknown extra custom fields.