From b96772190a2bb2c46802bd0f86bbeef0f47444d1 Mon Sep 17 00:00:00 2001
From: vit9696
Date: Fri, 25 Sep 2020 18:16:10 +0300
Subject: [PATCH] Workaround crash with AMI addressDiff calculation references #219
---
 common/ffsparser.cpp | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)
diff --git a/common/ffsparser.cpp b/common/ffsparser.cpp
index fb309a4..5174d0d 100644
--- a/common/ffsparser.cpp
+++ b/common/ffsparser.cpp
@@ -3453,19 +3453,24 @@ USTATUS FfsParser::checkProtectedRanges(const UModelIndex & index) && bgProtectedRanges[i].Size != 0 && bgProtectedRanges[i].Size != 0xFFFFFFFF && bgProtectedRanges[i].Offset != 0 && bgProtectedRanges[i].Offset != 0xFFFFFFFF) { - bgProtectedRanges[i].Offset -= (UINT32)addressDiff; - protectedParts = openedImage.mid(bgProtectedRanges[i].Offset, bgProtectedRanges[i].Size); + if ((UINT64)bgProtectedRanges[i].Offset >= addressDiff) { + bgProtectedRanges[i].Offset -= (UINT32)addressDiff; + protectedParts = openedImage.mid(bgProtectedRanges[i].Offset, bgProtectedRanges[i].Size); - UByteArray digest(SHA256_DIGEST_SIZE, '\x00'); - sha256(protectedParts.constData(), protectedParts.size(), digest.data()); + UByteArray digest(SHA256_DIGEST_SIZE, '\x00'); + sha256(protectedParts.constData(), protectedParts.size(), digest.data()); - if (digest != bgProtectedRanges[i].Hash) { - msg(usprintf("%s: AMI protected range [%Xh:%Xh] hash mismatch, opened image may refuse to boot", __FUNCTION__, - bgProtectedRanges[i].Offset, bgProtectedRanges[i].Offset + bgProtectedRanges[i].Size), - model->findByBase(bgProtectedRanges[i].Offset)); + if (digest != bgProtectedRanges[i].Hash) { + msg(usprintf("%s: AMI protected range [%Xh:%Xh] hash mismatch, opened image may refuse to boot", __FUNCTION__, + bgProtectedRanges[i].Offset, bgProtectedRanges[i].Offset + bgProtectedRanges[i].Size), + model->findByBase(bgProtectedRanges[i].Offset)); + } + + markProtectedRangeRecursive(index, bgProtectedRanges[i]); + } else { + // TODO: Explore this. + msg(usprintf("%s: Suspicious AMI new BG protection offset", __FUNCTION__), index); } - - markProtectedRangeRecursive(index, bgProtectedRanges[i]); } else if (bgProtectedRanges[i].Type == BG_PROTECTED_RANGE_VENDOR_HASH_PHOENIX && bgProtectedRanges[i].Size != 0 && bgProtectedRanges[i].Size != 0xFFFFFFFF
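Review bot: The new guard in the AMI-new branch only rules out underflow of `Offset - addressDiff`; nothing checks that the adjusted range ends inside the image before `openedImage.mid(...)` and `sha256(...)` run. Offset and Size are taken from the parsed image, so a malformed entry could, depending on how `UByteArray::mid` treats out-of-range arguments (not visible in this hunk), either fault again or hash a silently truncated buffer and report a misleading mismatch. Assuming addressDiff is an unsigned 64-bit value, as the cast in the guard suggests, I would extend the condition to `if ((UINT64)bgProtectedRanges[i].Offset >= addressDiff && (UINT64)bgProtectedRanges[i].Offset - addressDiff + bgProtectedRanges[i].Size <= (UINT64)openedImage.size()) {`. The else branch leaves the range neither hashed nor marked, so the `// TODO: Explore this.` comment and the message should say that and print the rejected offset, e.g. `msg(usprintf("%s: AMI protected range offset %Xh is outside the opened image, range not verified", __FUNCTION__, bgProtectedRanges[i].Offset), index);`. checkProtectedRanges starts and ends outside the hunk, so the sibling vendor-hash branches may need the same bounds check.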