If the input scatter gather table is wrongly built (no entries), the
code will try to copy memory which is not allowed.
Coverity Explanation:
drivers/crypto/mxs-dcp.c:388: CID
5233058 (#1 of 1):
Type: Out-of-bounds access (OVERRUN)
Classification: Unclassified
Severity: Unspecified
Action: Modeling Required
Owner: nxa21133
First detected on 2018-10-16.
drivers/crypto/mxs-dcp.c:297:
1. alias: Assigning: "out_buf" = "sdcp->coh->aes_out_buf". "out_buf"
now points to byte 0 of "sdcp->coh->aes_out_buf" (which consists of
4096 bytes).
drivers/crypto/mxs-dcp.c:301:
2. assignment: Assigning: "last_out_len" = "0U".
drivers/crypto/mxs-dcp.c:316:
3. path: Condition "!rctx->ecb", taking true branch.
drivers/crypto/mxs-dcp.c:321:
4. path: Falling through to end of if statement.
drivers/crypto/mxs-dcp.c:325:
5. path: Condition "i < nents", taking false branch.
drivers/crypto/mxs-dcp.c:386:
6. path: Condition "!rctx->ecb", taking true branch.
drivers/crypto/mxs-dcp.c:387:
7. path: Condition "rctx->enc", taking true branch.
drivers/crypto/mxs-dcp.c:388:
8. overrun-buffer-arg: Overrunning buffer pointed to by "out_buf +
(last_out_len - 16U)" of 4096 bytes by passing it to a function which
accesses it at byte offset
4294967295 using argument "16U".
Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>
Signed-off-by: Arulpandiyan Vadivel <arulpandiyan_vadivel@mentor.com>
Signed-off-by: Shrikant Bobade <Shrikant_Bobade@mentor.com>
(cherry picked from commit
26560456d04ec6fc147600ab5a92d06144c1da88)
projects / linux.git / commitdiff