From 3b0d040c1107b95f59b6f273520ebbdde3760bfd Mon Sep 17 00:00:00 2001 From: Jan Dabros Date: Fri, 21 Aug 2020 12:20:45 +0200 Subject: [PATCH] lib/imd: Prohibit removing imd_entry covering root region Removing entry covering root region leads to situation where num_entries counter is set to 0. This counter is further decremented in function obtaining address to last entry (see root_last_entry()). Such negative number may be further used as an index to the table. Current implementation may lead to crash, when user removes last entry with imd_entry_remove() and then calls for example imd_entry_add(). Signed-off-by: Jan Dabros Change-Id: I6ff54cce55bf10c82a5093f47c7f788fd7c12d3c Reviewed-on: https://review.coreboot.org/c/coreboot/+/44668 Tested-by: build bot (Jenkins) Reviewed-by: Paul Fagerburg --- src/lib/imd.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/lib/imd.c b/src/lib/imd.c index c86cf324c8..02779651c9 100644 --- a/src/lib/imd.c +++ b/src/lib/imd.c @@ -630,6 +630,10 @@ int imd_entry_remove(const struct imd *imd, const struct imd_entry *entry) if (entry != root_last_entry(r)) return -1; + /* Don't remove entry covering root region */ + if (r->num_entries == 1) + return -1; + r->num_entries--; return 0;