lib: utils: fdt_fixup: avoid buffer overrun

fdt_reserved_memory_fixup() uses filtered_order[PMP_COUNT]. The index
must not reach PMP_COUNT.

Fixes: 199189bd1c17 ("lib: utils: Mark only the largest region as reserved in FDT")
Addresses-Coverity-ID: 1536994 ("Out-of-bounds write")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Xiang W <wxjstz@126.com>
Reviewed-by: Anup Patel <anup@brainfault.org>

diff --git a/lib/utils/fdt/fdt_fixup.c b/lib/utils/fdt/fdt_fixup.c
index c10179b900c1723022563d60348d8d4f9e4ccb87..ae6be00857900b2f281bf0899df549b6019f52c6 100644 (file)
--- a/lib/utils/fdt/fdt_fixup.c
+++ b/lib/utils/fdt/fdt_fixup.c
@@ -355,7 +355,7 @@ int fdt_reserved_memory_fixup(void *fdt)
                if (reg->flags & SBI_DOMAIN_MEMREGION_SU_EXECUTABLE)
                        continue;
 
-               if (i > PMP_COUNT) {
+               if (i >= PMP_COUNT) {
                        sbi_printf("%s: Too many memory regions to fixup.\n",
                                   __func__);
                        return SBI_ENOSPC;