Commit 75df6269 authored by Yann Gautier's avatar Yann Gautier
Browse files

xlat_v2: add a check on mm_cursor->size to avoid infinite loop



The issue can occur if end_va is equal to the max architecture address,
and when mm_cursor point to the last entry of mmap_region_t table: {0}.
The first line of the while will then be true, e.g. on AARCH32, we have:
mm_cursor->base_va (=0) + mm_cursor->size (=0) - 1 == end_va (=0xFFFFFFFF)
And the mm_cursor->size = 0 will be lesser than mm->size

A check on mm_cursor->size != 0 should be done as in the previous while,
to avoid such kind of infinite loop.

fixes arm-software/tf-issues#594
Signed-off-by: default avatarYann Gautier <yann.gautier@st.com>
parent ed4cf490
...@@ -784,8 +784,8 @@ void mmap_add_region_ctx(xlat_ctx_t *ctx, const mmap_region_t *mm) ...@@ -784,8 +784,8 @@ void mmap_add_region_ctx(xlat_ctx_t *ctx, const mmap_region_t *mm)
&& mm_cursor->size) && mm_cursor->size)
++mm_cursor; ++mm_cursor;
while ((mm_cursor->base_va + mm_cursor->size - 1 == end_va) while ((mm_cursor->base_va + mm_cursor->size - 1 == end_va) &&
&& (mm_cursor->size < mm->size)) (mm_cursor->size != 0U) && (mm_cursor->size < mm->size))
++mm_cursor; ++mm_cursor;
/* /*
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment