summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorJan Dabros <jsd@semihalf.com>2020-08-21 12:20:45 +0200
committerPatrick Georgi <pgeorgi@google.com>2020-08-26 07:33:13 +0000
commit3b0d040c1107b95f59b6f273520ebbdde3760bfd (patch)
tree1a62d18ea5f85ecc4d668d800de652d6edfc72b0 /src
parent086c5e6fc866e99208da3c1c9c8840cd0aeaec80 (diff)
downloadcoreboot-3b0d040c1107b95f59b6f273520ebbdde3760bfd.tar.xz
lib/imd: Prohibit removing imd_entry covering root region
Removing entry covering root region leads to situation where num_entries counter is set to 0. This counter is further decremented in function obtaining address to last entry (see root_last_entry()). Such negative number may be further used as an index to the table. Current implementation may lead to crash, when user removes last entry with imd_entry_remove() and then calls for example imd_entry_add(). Signed-off-by: Jan Dabros <jsd@semihalf.com> Change-Id: I6ff54cce55bf10c82a5093f47c7f788fd7c12d3c Reviewed-on: https://review.coreboot.org/c/coreboot/+/44668 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Paul Fagerburg <pfagerburg@chromium.org>
Diffstat (limited to 'src')
-rw-r--r--src/lib/imd.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/lib/imd.c b/src/lib/imd.c
index c86cf324c8..02779651c9 100644
--- a/src/lib/imd.c
+++ b/src/lib/imd.c
@@ -630,6 +630,10 @@ int imd_entry_remove(const struct imd *imd, const struct imd_entry *entry)
if (entry != root_last_entry(r))
return -1;
+ /* Don't remove entry covering root region */
+ if (r->num_entries == 1)
+ return -1;
+
r->num_entries--;
return 0;