[PATCH v2 1/1] lib: utils: fdt_fixup: avoid buffer overrun
Heinrich Schuchardt
heinrich.schuchardt at canonical.com
Fri Mar 31 06:15:15 PDT 2023
fdt_reserved_memory_fixup() uses filtered_order[PMP_COUNT]. The index
must not reach PMP_COUNT.
Fixes: 199189bd1c17 ("lib: utils: Mark only the largest region as reserved in FDT")
Addresses-Coverity-ID: 1536994 ("Out-of-bounds write")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt at canonical.com>
---
v2:
fix typo in commit message
---
lib/utils/fdt/fdt_fixup.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/utils/fdt/fdt_fixup.c b/lib/utils/fdt/fdt_fixup.c
index c10179b..ae6be00 100644
--- a/lib/utils/fdt/fdt_fixup.c
+++ b/lib/utils/fdt/fdt_fixup.c
@@ -355,7 +355,7 @@ int fdt_reserved_memory_fixup(void *fdt)
if (reg->flags & SBI_DOMAIN_MEMREGION_SU_EXECUTABLE)
continue;
- if (i > PMP_COUNT) {
+ if (i >= PMP_COUNT) {
sbi_printf("%s: Too many memory regions to fixup.\n",
__func__);
return SBI_ENOSPC;
--
2.39.2
More information about the opensbi
mailing list