diff options
-rw-r--r-- | firmware/buflib.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/firmware/buflib.c b/firmware/buflib.c index 06b52ca934..f909ab8333 100644 --- a/firmware/buflib.c +++ b/firmware/buflib.c | |||
@@ -248,9 +248,16 @@ static bool | |||
248 | move_block(struct buflib_context* ctx, union buflib_data* block, int shift) | 248 | move_block(struct buflib_context* ctx, union buflib_data* block, int shift) |
249 | { | 249 | { |
250 | char* new_start; | 250 | char* new_start; |
251 | |||
252 | if (block < ctx->buf_start || block > ctx->alloc_end) | ||
253 | buflib_panic(ctx, "buflib data corrupted %p", block); | ||
254 | |||
251 | union buflib_data *new_block, *tmp = block[1].handle, *crc_slot; | 255 | union buflib_data *new_block, *tmp = block[1].handle, *crc_slot; |
252 | struct buflib_callbacks *ops = block[2].ops; | 256 | struct buflib_callbacks *ops = block[2].ops; |
253 | crc_slot = (union buflib_data*)tmp->alloc - 1; | 257 | crc_slot = (union buflib_data*)tmp->alloc - 1; |
258 | if (crc_slot < ctx->buf_start || crc_slot > ctx->alloc_end) | ||
259 | buflib_panic(ctx, "buflib metadata corrupted %p", crc_slot); | ||
260 | |||
254 | const int metadata_size = (crc_slot - block)*sizeof(union buflib_data); | 261 | const int metadata_size = (crc_slot - block)*sizeof(union buflib_data); |
255 | uint32_t crc = crc_32((void *)block, metadata_size, 0xffffffff); | 262 | uint32_t crc = crc_32((void *)block, metadata_size, 0xffffffff); |
256 | 263 | ||