Merge "fix(el3-spmc): fix dangling pointer in FFA_CONSOLE_LOG" into integration

Olivier Deprez 2024-02-19 09:57:31 +01:00 committed by TrustedFirmware Code Review
commit 02d82ffa5b


@ -1489,7 +1489,8 @@ static uint64_t spmc_ffa_console_log(uint32_t smc_fid,
void *handle, void *handle,
uint64_t flags) uint64_t flags)
{ {
char *chars; /* Maximum number of characters is 48: 6 registers of 8 bytes each. */
char chars[48] = {0};
size_t chars_max; size_t chars_max;
size_t chars_count = x1; size_t chars_count = x1;
@ -1500,27 +1501,23 @@ static uint64_t spmc_ffa_console_log(uint32_t smc_fid,
assert(smc_fid == FFA_CONSOLE_LOG_SMC32 || smc_fid == FFA_CONSOLE_LOG_SMC64); assert(smc_fid == FFA_CONSOLE_LOG_SMC32 || smc_fid == FFA_CONSOLE_LOG_SMC64);
if (smc_fid == FFA_CONSOLE_LOG_SMC32) { if (smc_fid == FFA_CONSOLE_LOG_SMC32) {
uint32_t registers[] = { uint32_t *registers = (uint32_t *)chars;
(uint32_t)x2, registers[0] = (uint32_t)x2;
(uint32_t)x3, registers[1] = (uint32_t)x3;
(uint32_t)x4, registers[2] = (uint32_t)x4;
(uint32_t)SMC_GET_GP(handle, CTX_GPREG_X5), registers[3] = (uint32_t)SMC_GET_GP(handle, CTX_GPREG_X5);
(uint32_t)SMC_GET_GP(handle, CTX_GPREG_X6), registers[4] = (uint32_t)SMC_GET_GP(handle, CTX_GPREG_X6);
(uint32_t)SMC_GET_GP(handle, CTX_GPREG_X7), registers[5] = (uint32_t)SMC_GET_GP(handle, CTX_GPREG_X7);
}; chars_max = 6 * sizeof(uint32_t);
chars_max = ARRAY_SIZE(registers) * sizeof(uint32_t);
chars = (char *)registers;
} else { } else {
uint64_t registers[] = { uint64_t *registers = (uint64_t *)chars;
x2, registers[0] = x2;
x3, registers[1] = x3;
x4, registers[2] = x4;
SMC_GET_GP(handle, CTX_GPREG_X5), registers[3] = SMC_GET_GP(handle, CTX_GPREG_X5);
SMC_GET_GP(handle, CTX_GPREG_X6), registers[4] = SMC_GET_GP(handle, CTX_GPREG_X6);
SMC_GET_GP(handle, CTX_GPREG_X7), registers[5] = SMC_GET_GP(handle, CTX_GPREG_X7);
}; chars_max = 6 * sizeof(uint64_t);
chars_max = ARRAY_SIZE(registers) * sizeof(uint64_t);
chars = (char *)registers;
} }
if ((chars_count == 0) || (chars_count > chars_max)) { if ((chars_count == 0) || (chars_count > chars_max)) {
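Review bot: The new `char chars[48]` buffer is filled through `(uint32_t *)chars` and `(uint64_t *)chars` in both branches, but a `char` array only guarantees byte alignment and its effective type is `char`, so these stores depend on the compiler's stack layout and on aliasing being tolerated; at EL3 a misaligned 64-bit store may fault if alignment checking is enabled (not visible on this page). Declaring the storage with the widest member, for example `union { uint64_t w64[6]; uint32_t w32[6]; char c[48]; } buf = {0};`, and assigning `buf.w32[i]` / `buf.w64[i]` keeps the lifetime fix while making alignment and the byte-wise read well defined. The literals `6` and `48` would also be better derived from one named constant, so that `chars_max` cannot drift from the size of the buffer that bounds the caller-supplied `chars_count`. The function body continues past this hunk, so how `chars` is consumed after the range check is not visible here.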