Version 0.2.1

Added checks for files with invalid size

basetypes.h

@@ -70,6 +70,7 @@ typedef uint16_t  CHAR16;
 #define ERR_INVALID_VOLUME                11
 #define ERR_VOLUME_REVISION_NOT_SUPPORTED 12
 #define ERR_UNKNOWN_FFS                   13
+#define ERR_INVALID_FILE                  14
 
 
 // EFI GUID

ffs.cpp

@@ -17,6 +17,9 @@ const UINT8 ffsAlignmentTable[] =
 
 UINT8 calculateChecksum8(UINT8* buffer, UINT32 bufferSize)
 {
+    if(!buffer)
+		return 0;
+	
 	UINT8 counter = 0;
     while(bufferSize--)
         counter += buffer[bufferSize];
@@ -25,6 +28,9 @@ UINT8 calculateChecksum8(UINT8* buffer, UINT32 bufferSize)
 
 UINT16 calculateChecksum16(UINT8* buffer, UINT32 bufferSize)
 {
+    if(!buffer)
+		return 0;
+	
 	UINT16 counter = 0;
     while(bufferSize--)
         counter += buffer[bufferSize];

uefitool.cpp

@@ -561,6 +561,13 @@ UINT8 UEFITool::parseVolume(const QByteArray & volume, UINT32 volumeBase, UINT8
         QByteArray file = volume.mid(fileIndex, uint24ToUint32(fileHeader->Size));
         QByteArray header = file.left(sizeof(EFI_FFS_FILE_HEADER));
         
+		// Check file size to at least sizeof(EFI_FFS_FILE_HEADER)
+		if (file.size() < sizeof(EFI_FFS_FILE_HEADER))
+		{
+			debug(tr("File with invalid size"));
+			return ERR_INVALID_FILE;
+		}
+
         // We are at empty space in the end of volume
         if (header.count(empty) == header.size()) {
             QByteArray body = volume.right(volume.size() - fileIndex);
@@ -736,7 +743,6 @@ UINT8 UEFITool::parseFile(const QByteArray & file, UINT8 revision, bool erasePol
         UINT32 dataSize;
         QModelIndex index;
         UINT32 result;
-        bool lzmaHeaderFound;
 
         switch (sectionHeader->Type)
         {
@@ -796,40 +802,12 @@ UINT8 UEFITool::parseFile(const QByteArray & file, UINT8 revision, bool erasePol
                 if (LzmaGetInfo(data, dataSize, &decompressedSize) != ERR_SUCCESS
                     ||  decompressedSize != compressedSectionHeader->UncompressedLength)
                 {
-                    // Shitty file with some data between COMPRESSED_SECTION_HEADER and LZMA_HEADER
+                    // Shitty file with a section header between COMPRESSED_SECTION_HEADER and LZMA_HEADER
-                    // Search for LZMA header in body
+					data = (VOID*) (file.constData() + sectionIndex + sizeof(EFI_COMPRESSION_SECTION) + sizeof(EFI_COMMON_SECTION_HEADER));
-                    // Header structure: UINT8 LzmaProperties | UINT32 DictionarySize | UINT64 DecompressedSize
+					dataSize = uint24ToUint32(sectionHeader->Size) - sizeof(EFI_COMPRESSION_SECTION) - sizeof(EFI_COMMON_SECTION_HEADER);
-                    // We can't determine first two fiels here, but Decompressed size is known, so search for it
+					if (LzmaGetInfo(data, dataSize, &decompressedSize) != ERR_SUCCESS)
-                    INT32 lzmaHeaderIndex = body.indexOf(QByteArray((const char*)&compressedSectionHeader->UncompressedLength, 
+						debug(tr("LzmaGetInfo failed"));
-                        sizeof(compressedSectionHeader->UncompressedLength)).append('\x00').append('\x00').append('\x00').append('\x00'));
-                    lzmaHeaderIndex -= LZMA_PROPS_SIZE;
-                    // LZMA header not found
-                    if (lzmaHeaderIndex < 0)
-                    {
-                        lzmaHeaderFound = false;
-                        debug(tr("Lzma header not found"));
                 }   
-                    // LZMA header found
-                    else if (lzmaHeaderIndex) {
-                        data = (VOID*) (file.constData() + sectionIndex + sizeof(EFI_COMPRESSION_SECTION) + lzmaHeaderIndex);
-                        dataSize = uint24ToUint32(sectionHeader->Size) - sizeof(EFI_COMPRESSION_SECTION) - lzmaHeaderIndex;
-                        // Get buffer sizes again
-                        if (LzmaGetInfo(data, dataSize, &decompressedSize) != ERR_SUCCESS
-                            ||  decompressedSize != compressedSectionHeader->UncompressedLength)
-                        {
-                            debug(tr("LzmaGetInfo failed on LZMA header"));
-                            lzmaHeaderFound = false;
-                        }
-                        else
-                            debug(tr("Padding of size %1 between CompressedSectionHeader and LzmaHeader")
-                                .arg(lzmaHeaderIndex));
-                    }
-                    lzmaHeaderFound = true;
-                }   
-                else
-                    lzmaHeaderFound = true;
-                // Decompress if header is found
-                if (lzmaHeaderFound) {
 				decompressed = new UINT8[decompressedSize];
 				// Decompress section data
 				if (LzmaDecompress(data, dataSize, decompressed) != ERR_SUCCESS)
@@ -844,7 +822,6 @@ UINT8 UEFITool::parseFile(const QByteArray & file, UINT8 revision, bool erasePol
 				}
 
 				delete[] decompressed;
-                }
                 break;
             default:
                 body  = file.mid(sectionIndex + sizeof(EFI_COMPRESSION_SECTION), sectionSize - sizeof(EFI_COMPRESSION_SECTION));

uefitool.pro

@@ -30,5 +30,4 @@ HEADERS  += uefitool.h \
             Tiano/EfiTianoCompress.h
 FORMS    += uefitool.ui
 RC_FILE   = uefitool.rc
-
 ICON      = uefitool.icns

uefitool.ui

@@ -20,7 +20,7 @@
    <bool>true</bool>
   </property>
   <property name="windowTitle">
-   <string>UEFITool 0.2.0</string>
+   <string>UEFITool 0.2.1</string>
   </property>
   <widget class="QWidget" name="centralWidget">
    <property name="sizePolicy">