fix(rss): fix msg deserialization bugs in comms
-fix1: size of struct instead of pointer during reply_size check
-fix2: update the out_vec length with the actual length from reply
message (e.g. in case of an output buffer, the returned output
data length remained the size of the buffer and was not updated
with the size of the actual data in it)
Change-Id: Ibed5520ca1fb05df358de4bdf85ace219183866c
Signed-off-by: David Vincze <david.vincze@arm.com>
diff --git a/drivers/arm/rss/rss_comms_protocol_embed.c b/drivers/arm/rss/rss_comms_protocol_embed.c
index 801b7cc..c453258 100644
--- a/drivers/arm/rss/rss_comms_protocol_embed.c
+++ b/drivers/arm/rss/rss_comms_protocol_embed.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2022, Arm Limited. All rights reserved.
+ * Copyright (c) 2022-2023, Arm Limited. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*
@@ -54,7 +54,9 @@
if (in_vec[i].len > sizeof(msg->trailer) - payload_size) {
return PSA_ERROR_INVALID_ARGUMENT;
}
- memcpy(msg->trailer + payload_size, in_vec[i].base, in_vec[i].len);
+ memcpy(msg->trailer + payload_size,
+ in_vec[i].base,
+ in_vec[i].len);
payload_size += in_vec[i].len;
}
@@ -77,12 +79,16 @@
assert(return_val != NULL);
for (i = 0U; i < out_len; ++i) {
- if (sizeof(reply) - sizeof(reply->trailer) + payload_offset > reply_size) {
+ if ((sizeof(*reply) - sizeof(reply->trailer) + payload_offset)
+ > reply_size) {
return PSA_ERROR_INVALID_ARGUMENT;
}
- memcpy(out_vec[i].base, reply->trailer + payload_offset, out_vec[i].len);
- payload_offset += out_vec[i].len;
+ memcpy(out_vec[i].base,
+ reply->trailer + payload_offset,
+ reply->out_size[i]);
+ out_vec[i].len = reply->out_size[i];
+ payload_offset += reply->out_size[i];
}
*return_val = reply->return_val;