mirror of
https://github.com/riscv-software-src/opensbi
synced 2025-10-17 14:18:17 +01:00
df75e09956
The parameter checks in aclint_mswi_cold_init() don't guard against a
buffer overrun.
mswi_hartid2data is defined as an array of SBI_HARTMASK_MAX_BITS entries.
The current check allows
mswi->hart_count = ACLINT_MSWI_MAX_HARTS
mswi->first_hartid = SBI_HARTMASK_MAX_BITS - 1.
With these values mswi_hartid2data will be accessed at index
SBI_HARTMASK_MAX_BITS + SBI_HARTMASK_MAX_BITS - 2.
We have to check the sum of mswi->first_hartid and mswi->hart_count.
Furthermore mswi->hart_count = 0 would not make much sense.
Addresses-Coverity-ID: 1529705 ("Out-of-bounds write")
Fixes: 5a049fe1d6a5 ("lib: utils/ipi: Add ACLINT MSWI library")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Xiang W <wxjstz@126.com>
Reviewed-by: Anup Patel <anup@brainfault.org>