[PATCH] efi_loader: image_loader: fix a Coverity check against array access
AKASHI Takahiro
takahiro.akashi at linaro.org
Fri May 8 07:51:59 CEST 2020
Coverity detected:
Using "&opt->CheckSum" as an array. This might corrupt or misinterpret
adjacent memory locations.
The code should work as far as a structure, IMAGE_OPTIONAL_HEADER(64) is
packed, but modify it in more logical form. Subsystem is a member next to
CheckSum.
Signed-off-by: AKASHI Takahiro <takahiro.akashi at linaro.org>
Reported-by: Coverity (CID 300339)
---
lib/efi_loader/efi_image_loader.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c
index 2f270e5497aa..894103c6e4dd 100644
--- a/lib/efi_loader/efi_image_loader.c
+++ b/lib/efi_loader/efi_image_loader.c
@@ -293,12 +293,12 @@ bool efi_image_parse(void *efi, size_t len, struct efi_image_regions **regp,
efi_image_region_add(regs, efi, &opt->CheckSum, 0);
if (nt64->OptionalHeader.NumberOfRvaAndSizes <= ctidx) {
efi_image_region_add(regs,
- &opt->CheckSum + 1,
+ &opt->Subsystem,
efi + opt->SizeOfHeaders, 0);
} else {
/* Skip Certificates Table */
efi_image_region_add(regs,
- &opt->CheckSum + 1,
+ &opt->Subsystem,
&opt->DataDirectory[ctidx], 0);
efi_image_region_add(regs,
&opt->DataDirectory[ctidx] + 1,
@@ -313,7 +313,7 @@ bool efi_image_parse(void *efi, size_t len, struct efi_image_regions **regp,
IMAGE_OPTIONAL_HEADER32 *opt = &nt->OptionalHeader;
efi_image_region_add(regs, efi, &opt->CheckSum, 0);
- efi_image_region_add(regs, &opt->CheckSum + 1,
+ efi_image_region_add(regs, &opt->Subsystem,
&opt->DataDirectory[ctidx], 0);
efi_image_region_add(regs, &opt->DataDirectory[ctidx] + 1,
efi + opt->SizeOfHeaders, 0);
--
2.25.2
More information about the U-Boot
mailing list