diff options
author | Ard Biesheuvel <ard.biesheuvel@linaro.org> | 2019-01-07 08:15:00 +0100 |
---|---|---|
committer | Ard Biesheuvel <ard.biesheuvel@linaro.org> | 2019-01-14 19:46:57 +0100 |
commit | 76c23f9e0d0d65866e4195b0bc12c1ca2763ced2 (patch) | |
tree | 1c780e6728c411e60498ec79ee214b19d325622a /ArmPkg | |
parent | d08575759e5a853e157e6e418e9fea5d5864f725 (diff) | |
download | edk2-76c23f9e0d0d65866e4195b0bc12c1ca2763ced2.zip edk2-76c23f9e0d0d65866e4195b0bc12c1ca2763ced2.tar.gz edk2-76c23f9e0d0d65866e4195b0bc12c1ca2763ced2.tar.bz2 |
ArmPkg/ArmMmuLib AARCH64: fix out of bounds access
Take care not to dereference BlockEntry if it may be pointing past
the end of the page table we are manipulating. It is only a read,
and thus harmless, but HeapGuard triggers on it so let's fix it.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Leif Lindholm <leif.lindholm@linaro.org>
Diffstat (limited to 'ArmPkg')
-rw-r--r-- | ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c b/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c index e410441..d66df3e 100644 --- a/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c +++ b/ArmPkg/Library/ArmMmuLib/AArch64/ArmMmuLibCore.c @@ -382,7 +382,7 @@ UpdateRegionMapping ( // Break the inner loop when next block is a table
// Rerun GetBlockEntryListFromAddress to avoid page table memory leak
- if (TableLevel != 3 &&
+ if (TableLevel != 3 && BlockEntry <= LastBlockEntry &&
(*BlockEntry & TT_TYPE_MASK) == TT_TYPE_TABLE_ENTRY) {
break;
}
|