Make runtime_svc_init() function more robust

- Added some debug assertions checking that the runtime services indexes computed by get_unique_oen() are sane. - Do not print the name of the service when its descriptor is invalid. If the descriptor is corrupted then its name field could be corrupted as well and we would end up reading an arbitrary amount of invalid memory. Change-Id: I16f61065277d01fe1555d5a9cf743f7b52ccaa60

Make runtime_svc_init() function more robust
- Added some debug assertions checking that the runtime services indexes computed by get_unique_oen() are sane. - Do not print the name of the service when its descriptor is invalid. If the descriptor is corrupted then its name field could be corrupted as well and we would end up reading an arbitrary amount of invalid memory. Change-Id: I16f61065277d01fe1555d5a9cf743f7b52ccaa60
3a26a28c · Sandrine Bailleux · 9d24d353 · 3a26a28c
Commit 3a26a28c authored Jun 28, 2016 by Sandrine Bailleux
--- a/common/runtime_svc.c
+++ b/common/runtime_svc.c
@@ -107,8 +107,8 @@ void runtime_svc_init(void)
 		 */
 		rc = validate_rt_svc_desc(service);
 		if (rc) {
-			ERROR("Invalid runtime service descriptor %p (%s)\n",
+			ERROR("Invalid runtime service descriptor %p\n",
-				(void *) service, service->name);
+				(void *) service);
 			panic();
 		}
@@ -136,8 +136,10 @@ void runtime_svc_init(void)
 		 */
 		start_idx = get_unique_oen(rt_svc_descs[index].start_oen,
 				service->call_type);
+		assert(start_idx < MAX_RT_SVCS);
 		end_idx = get_unique_oen(rt_svc_descs[index].end_oen,
 				service->call_type);
+		assert(end_idx < MAX_RT_SVCS);
 		for (; start_idx <= end_idx; start_idx++)
 			rt_svc_descs_indices[start_idx] = index;
 	}