DebugFS: Check channel index before calling clone function

To avoid a potential out-of-bounds access, check whether a device exists on a channel before calling the corresponding clone function. Signed-off-by: Zelalem <zelalem.aweke@arm.com> Change-Id: Ia0dd66b331d3fa8a33109a02369e1bc9ae0fdd5b
2025-04-16 09:34:18 +00:00 · 2020-12-18 11:02:25 -06:00 · 2020-12-18 11:02:25 -06:00 · b226c74737
commit b226c74737
parent d194afa71b
2 changed files with 13 additions and 4 deletions
--- a/lib/debugfs/dev.c
+++ b/lib/debugfs/dev.c
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@ -333,6 +333,10 @@ noent:
 ******************************************************************************/
 chan_t *clone(chan_t *c, chan_t *nc)
 {
 	if (c->index == NODEV) {
 		return NULL;
 	}
 	return devtab[c->index]->clone(c, nc);
 }
--- a/lib/debugfs/devfip.c
+++ b/lib/debugfs/devfip.c
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019-2020, Arm Limited. All rights reserved.
+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@ -129,7 +129,10 @@ static int fipgen(chan_t *c, const dirtab_t *tab, int ntab, int n, dir_t *dir)
 		panic();
 	}
-	clone(archives[c->dev].c, &nc);
+	if (clone(archives[c->dev].c, &nc) == NULL) {
 		panic();
 	}
 	fip = &archives[nc.dev];
 	off = STOC_HEADER;
@ -202,7 +205,9 @@ static int fipread(chan_t *c, void *buf, int n)
 		panic();
 	}
-	clone(fip->c, &cs);
+	if (clone(fip->c, &cs) == NULL) {
 		panic();
 	}
 	size = fip->size[c->qid];
 	if (c->offset >= size) {