On 5 August 2018 at 10:53, Miquel Raynal miquel.raynal@bootlin.com wrote:
The second check on pcr_map in sandbox_tpm2_xfer() is wrong. It should check for pcr_map not being empty. Instead, it is a pure copy/paste of the first check which is redundant.
This has been found thanks to a Coverity Scan report:
CID 183370: Memory - illegal accesses (UNINIT) Using uninitialized value "pcr_index". put_unaligned_be32(tpm->pcr_extensions[pcr_index], recv);This is because pcr_index is initialized only if the user input is correct, ie. at least one valid bit is set in pcr_map.
Fix the second check and also initialize pcr_index to 0 (which is harmless in case of error) to make Coverity Scan happy.
Reported-by: Tom Rini trini@konsulko.com Signed-off-by: Miquel Raynal miquel.raynal@bootlin.com
drivers/tpm/tpm2_tis_sandbox.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
Reviewed-by: Simon Glass sjg@chromium.org
It is always nice to see a test update with a bug fix (so we test that the problem is fixed). I'm not sure if that is possible?
- Simon