diff options
author | Jan Dabros <jsd@semihalf.com> | 2020-08-21 12:20:45 +0200 |
---|---|---|
committer | Patrick Georgi <pgeorgi@google.com> | 2020-08-26 07:33:13 +0000 |
commit | 3b0d040c1107b95f59b6f273520ebbdde3760bfd (patch) | |
tree | 1a62d18ea5f85ecc4d668d800de652d6edfc72b0 /src | |
parent | 086c5e6fc866e99208da3c1c9c8840cd0aeaec80 (diff) | |
download | coreboot-3b0d040c1107b95f59b6f273520ebbdde3760bfd.tar.xz |
lib/imd: Prohibit removing imd_entry covering root region
Removing entry covering root region leads to situation where
num_entries counter is set to 0. This counter is further decremented
in function obtaining address to last entry (see root_last_entry()).
Such negative number may be further used as an index to the table.
Current implementation may lead to crash, when user removes last entry
with imd_entry_remove() and then calls for example imd_entry_add().
Signed-off-by: Jan Dabros <jsd@semihalf.com>
Change-Id: I6ff54cce55bf10c82a5093f47c7f788fd7c12d3c
Reviewed-on: https://review.coreboot.org/c/coreboot/+/44668
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Paul Fagerburg <pfagerburg@chromium.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/imd.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/lib/imd.c b/src/lib/imd.c index c86cf324c8..02779651c9 100644 --- a/src/lib/imd.c +++ b/src/lib/imd.c @@ -630,6 +630,10 @@ int imd_entry_remove(const struct imd *imd, const struct imd_entry *entry) if (entry != root_last_entry(r)) return -1; + /* Don't remove entry covering root region */ + if (r->num_entries == 1) + return -1; + r->num_entries--; return 0; |