Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / bf9b0f36750c00cd61a7aaa7e8ba73fa866b807e
commitbf9b0f36750c00cd61a7aaa7e8ba73fa866b807e[log] [tgz]
authorPankaj Gupta <pankaj.gupta@nxp.com>Tue May 17 22:37:16 2022 +0530
committerJiafei Pan <Jiafei.Pan@nxp.com>Wed Nov 23 09:17:48 2022 +0800
tree2981c66aa48baa569c9055e7bc3fd9decd08a73d
parentb27cc468202c43d66cf947d578da8d11166201b0 [diff]
fix(nxp-crypto): fix coverity issue

In function "desc_length", LSB byte of the first word of the
descriptor will be anded with 0x7F, to get the number of words
constructing the descriptor.

LSB byte of the first word of the descriptor is auto-incremented
with each add_word used while constructing the descriptor.

But if function "desc_add_word" is called more than
MAX_DESC_SIZE_WORDS times, then only the function "desc_length",
can return number of words greater than MAX_DESC_SIZE_WORDS.

This is the condition when core can overwrite the out of bound
memory.

Hence, the following fix is needed:
- Before adding any new word to the descriptor, a check for
  max word length needs to be added, into these functions:
  "desc_add_word" & "desc_add_ptr".

Signed-off-by: Pankaj Gupta <pankaj.gupta@nxp.com>
Signed-off-by: Jiafei Pan <Jiafei.Pan@nxp.com>
Change-Id: If896cd2e02ecde72fb09c5147119dec4f2f84bc3
1 file changed
tree: 2981c66aa48baa569c9055e7bc3fd9decd08a73d
  1. .husky/
  2. bl1/
  3. bl2/
  4. bl2u/
  5. bl31/
  6. bl32/
  7. common/
  8. docs/
  9. drivers/
  10. fdts/
  11. include/
  12. lib/
  13. licenses/
  14. make_helpers/
  15. plat/
  16. services/
  17. tools/
  18. .checkpatch.conf
  19. .commitlintrc.js
  20. .cz.json
  21. .editorconfig
  22. .gitignore
  23. .gitreview
  24. .nvmrc
  25. .versionrc.js
  26. changelog.yaml
  27. dco.txt
  28. license.rst
  29. Makefile
  30. package-lock.json
  31. package.json
  32. readme.rst