The function has space for up to 10 HAB events. On the off-chance that
there are more found, it will scribble them over stack memory.
Fix this by only collecting up to 10 events and printing a warning if
that's exceeded. Once we have reports that this issue manifests, we can
consider extending the array or dynamically allocating it.
Reported-by: Christian Melki <christian.melki@xxxxxxxxxx>
Signed-off-by: Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx>
---
v1 -> v2:
- keep first 10 events found
---
drivers/hab/habv4.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/hab/habv4.c b/drivers/hab/habv4.c
index 4db1e7cc0f3a..ed6d4db77c16 100644
--- a/drivers/hab/habv4.c
+++ b/drivers/hab/habv4.c
@@ -254,6 +254,11 @@ static enum hab_status imx8m_read_sram_events(enum hab_status status,
if (sram > end)
break;
+ if (num_events == ARRAY_SIZE(events)) {
+ pr_warn("Discarding excess event\n");
+ continue;
+ }
+
events[num_events] = search;
num_events++;
} else {
--
2.39.2
