Searched hist:fa40bed519337c8b496559d9f588c51f58262bb3 (Results 1 – 1 of 1) sorted by relevance
| /optee_os/core/kernel/ |
| H A D | tee_ta_manager.c | fa40bed519337c8b496559d9f588c51f58262bb3 Fri Mar 10 19:32:06 UTC 2023 Weizhao Jiang <weizhaoj@amazon.com> core: fix out-of-bounds access of dump_ctx
Problem: in the case of no UTA running, the buffer of dump_ctx will
be allocated with 0 size and passed to init_dump_ctx(). That causes
buffer overrunning.
Solution: Check buffer size before allocate the buffer. If it's 0,
return TEE_ERROR_ITEM_NOT_FOUND.
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>
Tested-by: Weizhao Jiang <weizhaoj@amazon.com>
Signed-off-by: Weizhao Jiang <weizhaoj@amazon.com>
|