From patchwork Fri May 8 05:51:59 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: AKASHI Takahiro X-Patchwork-Id: 245304 List-Id: U-Boot discussion From: takahiro.akashi at linaro.org (AKASHI Takahiro) Date: Fri, 8 May 2020 14:51:59 +0900 Subject: [PATCH] efi_loader: image_loader: fix a Coverity check against array access Message-ID: <20200508055159.7672-1-takahiro.akashi@linaro.org> Coverity detected: Using "&opt->CheckSum" as an array. This might corrupt or misinterpret adjacent memory locations. The code should work as far as a structure, IMAGE_OPTIONAL_HEADER(64) is packed, but modify it in more logical form. Subsystem is a member next to CheckSum. Signed-off-by: AKASHI Takahiro Reported-by: Coverity (CID 300339) --- lib/efi_loader/efi_image_loader.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c index 2f270e5497aa..894103c6e4dd 100644 --- a/lib/efi_loader/efi_image_loader.c +++ b/lib/efi_loader/efi_image_loader.c @@ -293,12 +293,12 @@ bool efi_image_parse(void *efi, size_t len, struct efi_image_regions **regp, efi_image_region_add(regs, efi, &opt->CheckSum, 0); if (nt64->OptionalHeader.NumberOfRvaAndSizes <= ctidx) { efi_image_region_add(regs, - &opt->CheckSum + 1, + &opt->Subsystem, efi + opt->SizeOfHeaders, 0); } else { /* Skip Certificates Table */ efi_image_region_add(regs, - &opt->CheckSum + 1, + &opt->Subsystem, &opt->DataDirectory[ctidx], 0); efi_image_region_add(regs, &opt->DataDirectory[ctidx] + 1, 
@@ -313,7 +313,7 @@ bool efi_image_parse(void *efi, size_t len, struct efi_image_regions **regp, IMAGE_OPTIONAL_HEADER32 *opt = &nt->OptionalHeader; efi_image_region_add(regs, efi, &opt->CheckSum, 0); - efi_image_region_add(regs, &opt->CheckSum + 1, + efi_image_region_add(regs, &opt->Subsystem, &opt->DataDirectory[ctidx], 0); efi_image_region_add(regs, &opt->DataDirectory[ctidx] + 1, efi + opt->SizeOfHeaders, 0);
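Review bot: In the first hunk (@@ -293,12, the 64-bit path), both replacements of `&opt->CheckSum + 1` with `&opt->Subsystem` yield the same address only if Subsystem starts exactly where CheckSum ends. The commit message states this, but nothing in the code enforces it. These pointers are the start of regions passed to efi_image_region_add(), so if padding ever appeared between the two members, the old and new expressions would select different bytes without any build-time signal. Consider a compile-time assertion on the IMAGE_OPTIONAL_HEADER64 layout (the offset of Subsystem equal to the offset of CheckSum plus its size). At minimum, add a one-line comment at the call sites saying that the region resumes immediately after CheckSum, so the intent is recorded in the code and not only in the commit message.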
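Review bot: In the second hunk (@@ -313,7, the IMAGE_OPTIONAL_HEADER32 path), the lines shown pass `&opt->DataDirectory[ctidx]` as the end of the region without the `NumberOfRvaAndSizes <= ctidx` test that guards the same access in the 64-bit path of the first hunk. If that test is not made somewhere outside the visible context, a 32-bit image whose header declares fewer data directories than ctidx would have its regions computed from a directory entry the header does not claim to contain. This patch only changes the start pointer, so the asymmetry predates it, but it is worth either mirroring the 64-bit check here in a follow-up or noting in the commit message why the 32-bit path does not need it. The layout assumption about Subsystem following CheckSum applies to IMAGE_OPTIONAL_HEADER32 as well and deserves the same compile-time check.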