[PATCH 1/1] platform: generic: allwinner: avoid buffer overrun

Bin Meng bmeng.cn at gmail.com
Tue Dec 27 05:49:07 PST 2022


On Tue, Dec 27, 2022 at 9:36 PM Andreas Schwab <schwab at linux-m68k.org> wrote:
>
> On Dec 27 2022, Bin Meng wrote:
>
> > On Tue, Dec 27, 2022 at 9:04 PM Andreas Schwab <schwab at linux-m68k.org> wrote:
> >>
> >> On Dec 27 2022, Bin Meng wrote:
> >>
> >> > Changing the array size to PLIC_SOURCES + 1 does not make sense. The
> >> > PLIC_SOURCES should be 176 which is correct as it includes source 0 on
> >> > the Allwinner SoC. The "riscv,ndev" [1] should not be 176 otherwise it
> >> > will create a buffer overrun.
> >>
> >> The range check will always allow that overrun.
> >>
> >
> > Well, with a correct dtb it doesn't.
>
> You cannot argue with the dtb, since this is externally controlled.
>
> > Strictly speaking, your proposed fix allows that overrun too
>
> How?
>

Passing num = 200 to plic_priority_save/restore.

You can argue my example is a misuse of the API, but I can argue that a
wrong dtb should not exist in the first place either.

Regards,
Bin
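
As an added illustration (not part of the original message and not OpenSBI code): a save routine that takes the destination capacity alongside the source count, so both cases raised in the thread, a dtb reporting 176 sources and a caller passing num = 200, are rejected before any write. The function names, the simulated register array and the layout (sources 1..num stored at buf[1..num]) are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PLIC_SOURCES 176u /* array size named in the thread; includes source 0 */

/* Constructed stand-in for the PLIC priority registers (hypothetical). */
static uint8_t fake_plic_regs[256];

static uint8_t fake_plic_get_priority(uint32_t source)
{
	return fake_plic_regs[source & 0xffu];
}

/*
 * Save priorities for sources 1..num into buf, which holds cap entries.
 * num is untrusted (dtb "riscv,ndev" or any caller), so it is checked
 * against the destination capacity. buf[num] is written, hence num < cap.
 * Returns 0 on success, -1 if the request would overrun buf.
 */
static int priority_save_checked(uint8_t *buf, size_t cap, uint32_t num)
{
	if (buf == NULL || cap == 0 || num >= cap)
		return -1;
	for (uint32_t i = 1; i <= num; i++)
		buf[i] = fake_plic_get_priority(i);
	return 0;
}

/* Run one case with a canary byte placed directly after the array. */
static int save_case(uint32_t num, uint8_t *canary_out)
{
	struct { uint8_t prio[PLIC_SOURCES]; uint8_t canary; } s = { {0}, 0xA5 };
	for (uint32_t i = 0; i < 256; i++)
		fake_plic_regs[i] = (uint8_t)(i | 1u); /* constructed values */
	int rc = priority_save_checked(s.prio, sizeof(s.prio), num);
	*canary_out = s.canary; /* stays 0xA5 unless the array was overrun */
	return rc;
}

int main(void)
{
	const uint32_t cases[] = { 175, 176, 200 }; /* constructed inputs */
	for (size_t i = 0; i < 3; i++) {
		uint8_t canary;
		int rc = save_case(cases[i], &canary);
		printf("num=%u rc=%d canary=0x%02X\n", (unsigned)cases[i], rc, (unsigned)canary);
	}
	return 0;
}
```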


