EmbeddedPkg: do not ASSERT() on valid external input

[mirror_edk2.git] / EmbeddedPkg / Drivers / FdtPlatformDxe / FdtPlatform.c

diff --git a/EmbeddedPkg/Drivers/FdtPlatformDxe/FdtPlatform.c b/EmbeddedPkg/Drivers/FdtPlatformDxe/FdtPlatform.c
index b6f5c3e58d3ae1e20b2e5d0d2e932419f4bc01ba..fb2ae6071a0dcd5de83a34ce467296789866be34 100644 (file)
--- a/EmbeddedPkg/Drivers/FdtPlatformDxe/FdtPlatform.c
+++ b/EmbeddedPkg/Drivers/FdtPlatformDxe/FdtPlatform.c
@@ -94,15 +94,16 @@ InstallFdt (
     goto Error;\r
   }\r
 \r
-  // Check the FDT header is valid. We only make this check in DEBUG mode in\r
-  // case the FDT header change on production device and this ASSERT() becomes\r
-  // not valid.\r
-  ASSERT (fdt_check_header ((VOID*)(UINTN)FdtBlobBase) == 0);\r
-\r
   //\r
-  // Ensure the Size of the Device Tree is smaller than the size of the read file\r
+  // Ensure that the FDT header is valid and that the Size of the Device Tree\r
+  // is smaller than the size of the read file\r
   //\r
-  ASSERT ((UINTN)fdt_totalsize ((VOID*)(UINTN)FdtBlobBase) <= FdtBlobSize);\r
+  if (fdt_check_header ((VOID*)(UINTN)FdtBlobBase) != 0 ||\r
+      (UINTN)fdt_totalsize ((VOID*)(UINTN)FdtBlobBase) > FdtBlobSize) {\r
+    DEBUG ((EFI_D_ERROR, "InstallFdt() - loaded FDT binary image seems corrupt\n"));\r
+    Status = EFI_LOAD_ERROR;\r
+    goto Error;\r
+  }\r
 \r
   //\r
   // Store the FDT as Runtime Service Data to prevent the Kernel from\r