aoc: prevent out of range on find_ramdump_sectionandroid-u-qpr1-beta-2.2_r0.6android-u-qpr1-beta-2.2_r0.5android-u-qpr1-beta-2.2_r0.4android-u-qpr1-beta-2.2_r0.3android-14.0.0_r0.44android-14.0.0_r0.43android-14.0.0_r0.42android-14.0.0_r0.41android-14.0.0_r0.40android-14.0.0_r0.39android-14.0.0_r0.37android-14.0.0_r0.36android-14.0.0_r0.35android-14.0.0_r0.34android-14.0.0_r0.33android-14.0.0_r0.31android-14.0.0_r0.25android-14.0.0_r0.23android-14.0.0_r0.21android-gs-tangorpro-5.10-android14-qpr1-betaandroid-gs-tangorpro-5.10-android14-qpr1android-gs-raviole-5.10-android14-qpr1android-gs-pantah-5.10-android14-qpr1-betaandroid-gs-pantah-5.10-android14-qpr1android-gs-lynx-5.10-android14-qpr1-betaandroid-gs-lynx-5.10-android14-qpr1android-gs-felix-5.10-android14-qpr1-betaandroid-gs-felix-5.10-android14-qpr1android-gs-bluejay-5.10-android14-qpr1

when coredump is corrupt, the value of num_sections
from ramdump_header may larger than the number of
sections. Out of range access will cause the KP.

Bug: 302929196
Change-Id: I423886cb8223617d84cf1b21231a914c70a30dd2
Signed-off-by: yixuanjiang <yixuanjiang@google.com>

1 files changed, 3 insertions, 0 deletions

diff --git a/aoc.c b/aoc.c
index b17a7c0..14e2ac9 100644
--- a/aoc.c
+++ b/aoc.c
@@ -2556,6 +2556,9 @@ static struct aoc_section_header *find_ramdump_section(struct aoc_ramdump_header
 {
 	int i;
 
+	if (ramdump_header->num_sections != RAMDUMP_NUM_SECTIONS)
+		return NULL;
+
 	for (i = 0; i < ramdump_header->num_sections; i++)
 		if (ramdump_header->sections[i].type == section_type)
 			return &ramdump_header->sections[i];