Fix a NULL pointer access when boot components are uncompressed

When boot components are not compressed, their names do not have any file extension. When checking whether a component is a GZIP file, code in payload.c calls function isgzip(s) with `s' being a component name. The name is passed to ext() which returns NULL if no extension is present. The result is directly passed by isgzip() to str_cmp() and would cause a NULL pointer access in the latter function. Fix this by updating function isgzip() to check a result from the ext() call. For consistency, update similarly function basename() in the same file.
petrpavlu · May 26, 2020 · df7dc9e · df7dc9e
1 parent 145a13b
commit df7dc9e
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/boot/generic/src/payload.c b/boot/generic/src/payload.c
@@ -60,13 +60,14 @@ static const char *ext(const char *s)
 static void basename(char *s)
 {
 	char *e = (char *) ext(s);
-	if (str_cmp(e, ".gz") == 0)
+	if (e != NULL && str_cmp(e, ".gz") == 0)
 		*e = '\0';
 }
 
 static bool isgzip(const char *s)
 {
-	return str_cmp(ext(s), ".gz") == 0;
+	const char *e = ext(s);
+	return e != NULL && str_cmp(e, ".gz") == 0;
 }
 
 static bool overlaps(uint8_t *start1, uint8_t *end1,