From: AKASHI Takahiro Date: Fri, 8 May 2020 05:51:59 +0000 (+0900) Subject: efi_loader: image_loader: fix a Coverity check against array access X-Git-Tag: v2020.10~223^2~9 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=52d7bfe78787c93b95e805b44bb4d746a65edde4;p=platform%2Fkernel%2Fu-boot.git efi_loader: image_loader: fix a Coverity check against array access Coverity detected: Using "&opt->CheckSum" as an array. This might corrupt or misinterpret adjacent memory locations. The code should work as far as a structure, IMAGE_OPTIONAL_HEADER(64) is packed, but modify it in more logical form. Subsystem is a member next to CheckSum. Reported-by: Coverity (CID 300339) Signed-off-by: AKASHI Takahiro Reviewed-by: Heinrich Schuchardt --- diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c index 4e075ae..5dd6019 100644 --- a/lib/efi_loader/efi_image_loader.c +++ b/lib/efi_loader/efi_image_loader.c @@ -293,12 +293,12 @@ bool efi_image_parse(void *efi, size_t len, struct efi_image_regions **regp, efi_image_region_add(regs, efi, &opt->CheckSum, 0); if (nt64->OptionalHeader.NumberOfRvaAndSizes <= ctidx) { efi_image_region_add(regs, - &opt->CheckSum + 1, + &opt->Subsystem, efi + opt->SizeOfHeaders, 0); } else { /* Skip Certificates Table */ efi_image_region_add(regs, - &opt->CheckSum + 1, + &opt->Subsystem, &opt->DataDirectory[ctidx], 0); efi_image_region_add(regs, &opt->DataDirectory[ctidx] + 1, @@ -313,7 +313,7 @@ bool efi_image_parse(void *efi, size_t len, struct efi_image_regions **regp, IMAGE_OPTIONAL_HEADER32 *opt = &nt->OptionalHeader; efi_image_region_add(regs, efi, &opt->CheckSum, 0); - efi_image_region_add(regs, &opt->CheckSum + 1, + efi_image_region_add(regs, &opt->Subsystem, &opt->DataDirectory[ctidx], 0); efi_image_region_add(regs, &opt->DataDirectory[ctidx] + 1, efi + opt->SizeOfHeaders, 0);