[PATCH v2 1/1] lib: utils: fdt_fixup: avoid buffer overrun

Heinrich Schuchardt heinrich.schuchardt at canonical.com
Fri Mar 31 06:15:15 PDT 2023


fdt_reserved_memory_fixup() uses filtered_order[PMP_COUNT]. The index
must not reach PMP_COUNT.

Fixes: 199189bd1c17 ("lib: utils: Mark only the largest region as reserved in FDT")
Addresses-Coverity-ID: 1536994 ("Out-of-bounds write")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt at canonical.com>
---
v2:
	fix typo in commit message
---
 lib/utils/fdt/fdt_fixup.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/utils/fdt/fdt_fixup.c b/lib/utils/fdt/fdt_fixup.c
index c10179b..ae6be00 100644
--- a/lib/utils/fdt/fdt_fixup.c
+++ b/lib/utils/fdt/fdt_fixup.c
@@ -355,7 +355,7 @@ int fdt_reserved_memory_fixup(void *fdt)
 		if (reg->flags & SBI_DOMAIN_MEMREGION_SU_EXECUTABLE)
 			continue;
 
-		if (i > PMP_COUNT) {
+		if (i >= PMP_COUNT) {
 			sbi_printf("%s: Too many memory regions to fixup.\n",
 				   __func__);
 			return SBI_ENOSPC;
-- 
2.39.2




More information about the opensbi mailing list