diff options
author | AKASHI Takahiro <takahiro.akashi@linaro.org> | 2020-05-08 14:51:59 +0900 |
---|---|---|
committer | Heinrich Schuchardt <xypron.glpk@gmx.de> | 2020-05-09 09:30:27 +0200 |
commit | 52d7bfe78787c93b95e805b44bb4d746a65edde4 (patch) | |
tree | 2a3ade1d823a64b825af7663ede6b2eb1dab1c8f /lib | |
parent | c5c657644bc35fd6b3d6e5517698721e90646b8d (diff) |
efi_loader: image_loader: fix a Coverity check against array access
Coverity detected:
Using "&opt->CheckSum" as an array. This might corrupt or misinterpret
adjacent memory locations.
The code should work as far as a structure, IMAGE_OPTIONAL_HEADER(64) is
packed, but modify it in more logical form. Subsystem is a member next to
CheckSum.
Reported-by: Coverity (CID 300339)
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/efi_loader/efi_image_loader.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c index 4e075ae416..5dd601908d 100644 --- a/lib/efi_loader/efi_image_loader.c +++ b/lib/efi_loader/efi_image_loader.c @@ -293,12 +293,12 @@ bool efi_image_parse(void *efi, size_t len, struct efi_image_regions **regp, efi_image_region_add(regs, efi, &opt->CheckSum, 0); if (nt64->OptionalHeader.NumberOfRvaAndSizes <= ctidx) { efi_image_region_add(regs, - &opt->CheckSum + 1, + &opt->Subsystem, efi + opt->SizeOfHeaders, 0); } else { /* Skip Certificates Table */ efi_image_region_add(regs, - &opt->CheckSum + 1, + &opt->Subsystem, &opt->DataDirectory[ctidx], 0); efi_image_region_add(regs, &opt->DataDirectory[ctidx] + 1, @@ -313,7 +313,7 @@ bool efi_image_parse(void *efi, size_t len, struct efi_image_regions **regp, IMAGE_OPTIONAL_HEADER32 *opt = &nt->OptionalHeader; efi_image_region_add(regs, efi, &opt->CheckSum, 0); - efi_image_region_add(regs, &opt->CheckSum + 1, + efi_image_region_add(regs, &opt->Subsystem, &opt->DataDirectory[ctidx], 0); efi_image_region_add(regs, &opt->DataDirectory[ctidx] + 1, efi + opt->SizeOfHeaders, 0); |