[PATCH] cros_ec: sandbox: Use correct value for number of slots
Quentin Schulz
quentin.schulz at cherry.de
Mon Jul 14 14:23:26 CEST 2025
Hi Andrew,
On 7/3/25 12:00 PM, Andrew Goodbody wrote:
> In the definition of struct ec_state the number of slots that are
> created is VSTORE_SLOT_COUNT (==4) but the value of req->slot is
> checked against EC_VSTORE_SLOT_MAX (==32) so this can lead to memory
> access beyond that allocated.
> Instead change the size check to use VSTORE_SLOT_COUNT to ensure it
> matches what has actually been allocated.
>
> This issue found by Smatch.
>
> Signed-off-by: Andrew Goodbody <andrew.goodbody at linaro.org>
Seems reasonable to me:
Reviewed-by: Quentin Schulz <quentin.schulz at cherry.de>
We could have used "ARRAY_SIZE(ec->slot)" instead I believe but the rest
of the code is already using VSTORE_SLOT_COUNT instead, so it makes
sense to stay consistent.
Thanks!
Quentin
More information about the U-Boot
mailing list