km: ta: fix out of bounds check

Add missing param check for TA_is_out_of_bounds(). Signed-off-by: Victor Chong <victor.chong@linaro.org> Acked-by: Ruchika Gupta <ruchika.gupta@linaro.org>
author: Victor Chong <victor.chong@linaro.org> 2020-12-17 15:41:05 +0000
committer: vchong <7334750+vchong@users.noreply.github.com> 2020-12-18 18:57:25 +0900
commit: 1970688cc1035d59382f2f9cd2bd5884a4d982e4 (patch)
tree: 3d05816e350f34892a31e478051915ff7d9d8245
parent: 6d7fd1d04fa4e130ccef3913995ea6c285e6a7c1 (diff)
download: apps-1970688cc1035d59382f2f9cd2bd5884a4d982e4.tar.gz
1 files changed, 13 insertions, 7 deletions
diff --git a/keymaster/ta/parsel.c b/keymaster/ta/parsel.c
index 0731b42..f44df3f 100644
--- a/keymaster/ta/parsel.c
+++ b/keymaster/ta/parsel.c
@@ -25,13 +25,19 @@ bool TA_is_out_of_bounds(uint8_t *ptr, uint8_t *end, size_t size)
 {
 	uintptr_t res = 0;
 
-	if (ADD_OVERFLOW((uintptr_t)ptr, size, &res)) {
-		EMSG("Pointer overflow detected - Abort!");
-		return true;
-	}
-	if (res > (uintptr_t)end) {
-		EMSG("Pointer out of bounds!");
-		return true;
+	if (end) {
+		if (ADD_OVERFLOW((uintptr_t)ptr, size, &res)) {
+			DMSG("ptr = 0x%x, end = 0x%x, size = %zu", ptr, end,
+			     size);
+			EMSG("Pointer overflow detected - Abort!");
+			return true;
+		}
+		if (res > (uintptr_t)end) {
+			DMSG("ptr = 0x%x, end = 0x%x, size = %zu", ptr, end,
+			     size);
+			EMSG("Pointer out of bounds!");
+			return true;
+		}
 	}
 	return false;
 }
author	Victor Chong <victor.chong@linaro.org>	2020-12-17 15:41:05 +0000
committer	vchong <7334750+vchong@users.noreply.github.com>	2020-12-18 18:57:25 +0900
commit	1970688cc1035d59382f2f9cd2bd5884a4d982e4 (patch)
tree	3d05816e350f34892a31e478051915ff7d9d8245
parent	6d7fd1d04fa4e130ccef3913995ea6c285e6a7c1 (diff)
download	apps-1970688cc1035d59382f2f9cd2bd5884a4d982e4.tar.gz