fdt: increase supported image number to MAX_NUM_IMGS, catch overflows

[beku-epitome]

The previous g_images buffer would be overflown if e.g. TEE was included in the FIT image, causing other globals to be overwritten, and eventually segfaulting the program.

1. Increase the g_images buffer size
2. Pass the buffer size to the parser, and limit the parsing to that limit

[utkarshguptanxp]

Hello, thank you for the PR and apologies for the delay. We are reviewing the fix and will get back to you soon.

[utkarshguptanxp]

@beku-epitome Could you explain in which case we need more than 5 images? typically we can have uboot proper, uboot dtb, atf and tee. Anything else that you have included in your FIT image that needs this extension?

[benedekkupper]

Sorry for the late reply, the company I worked at went under. I don't remember all the details anymore, but as a recap, we had a Variscite DART-MX8M-PLUS SoM, and we used optee. Variscite's Wiki suggests the old approach to HAB, possibly because they also couldn't get this tool to work correctly. I implemented HAB for the i.MX 8M Plus EVK first, where this tool works out of the box. But when targeting the SoM, there was a segmentation error in nxp-cst-signer, as the SoM had one more image in the FIT image.

This bug, especially the lack of bounds checking is the likely reason why the many different yocto BSPs didn't converge to the optimal solution of using imx-cst straight out of meta-openembedded, and using nxp-cst-signer in conjunction.