2 files changed, 20 insertions, 7 deletions

diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c
index c51482b3b65..730639f7562 100644
--- a/common/spl/spl_fit.c
+++ b/common/spl/spl_fit.c
@@ -27,10 +27,6 @@ struct spl_fit_info {
 	int conf_node;		/* FDT offset to selected configuration node */
 };
 
-__weak void board_spl_fit_post_load(const void *fit)
-{
-}
-
 __weak ulong board_spl_fit_size_align(ulong size)
 {
 	return size;
@@ -829,8 +825,5 @@ int spl_load_simple_fit(struct spl_image_info *spl_image,
 
 	spl_image->flags |= SPL_FIT_FOUND;
 
-	if (IS_ENABLED(CONFIG_IMX_HAB))
-		board_spl_fit_post_load(ctx.fit);
-
 	return 0;
 }
diff --git a/common/spl/spl_legacy.c b/common/spl/spl_legacy.c
index 16851c55eb5..d34bc5492e8 100644
--- a/common/spl/spl_legacy.c
+++ b/common/spl/spl_legacy.c
@@ -7,6 +7,7 @@
 #include <image.h>
 #include <log.h>
 #include <malloc.h>
+#include <asm/sections.h>
 #include <spl.h>
 
 #include <lzma/LzmaTypes.h>
@@ -15,6 +16,22 @@
 
 #define LZMA_LEN	(1 << 20)
 
+static void spl_parse_legacy_validate(uintptr_t start, uintptr_t size)
+{
+	uintptr_t spl_start = (uintptr_t)_start;
+	uintptr_t spl_end = (uintptr_t)__bss_end;
+	uintptr_t end = start + size;
+
+	if ((start >= spl_start && start < spl_end) ||
+	    (end > spl_start && end <= spl_end) ||
+	    (start < spl_start && end >= spl_end) ||
+	    (start > end && end > spl_start))
+		panic("SPL: Image overlaps SPL\n");
+
+	if (size > CONFIG_SYS_BOOTM_LEN)
+		panic("SPL: Image too large\n");
+}
+
 int spl_parse_legacy_header(struct spl_image_info *spl_image,
 			    const struct legacy_img_hdr *header)
 {
@@ -58,6 +75,9 @@ int spl_parse_legacy_header(struct spl_image_info *spl_image,
 	      "payload image: %32s load addr: 0x%lx size: %d\n",
 	      spl_image->name, spl_image->load_addr, spl_image->size);
 
+	spl_parse_legacy_validate(spl_image->load_addr, spl_image->size);
+	spl_parse_legacy_validate(spl_image->entry_point, 0);
+
 	return 0;
 }