fix(rcar3-drivers): add integer overflow check

Add in the cert length calc function an integer overflow check Signed-off-by: Tobias Rist <tobias.rist@joynext.com> Signed-off-by: Yoshifumi Hosoya <yoshifumi.hosoya.wj@renesas.com> Change-Id: I80e93582cd2d6006186e1573406b4945943b9422
2 years ago · 93b8952eef
1 changed files with 9 additions and 1 deletions
--- a/drivers/renesas/common/io/io_rcar.c
+++ b/drivers/renesas/common/io/io_rcar.c
@ -244,8 +244,16 @@ void rcar_read_certificate(uint64_t cert, uint32_t *len, uintptr_t *dst)
 			dstl = cert + RCAR_CERT_INFO_DST_OFFSET;
 			break;
 		}
+		val = mmio_read_32(size);
+		if (val > (UINT32_MAX / 4)) {
+			ERROR("BL2: %s[%d] uint32 overflow!\n",
+				__func__, __LINE__);
+			*dst = 0;
+			*len = 0;
+			return;
+		}

-		*len = mmio_read_32(size) * 4U;
+		*len = val * 4U;
 		dsth = dstl + 4U;
 		*dst = ((uintptr_t) mmio_read_32(dsth) << 32) +
 		    ((uintptr_t) mmio_read_32(dstl));