kamkow1/Limine
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sys/cpu_riscv: Validate RHCT hart_info offsets array bounds

Browse Source
This commit is contained in:
Mintsuki
2026-04-17 02:20:31 +02:00
parent d8895a258b
commit e0b5fd0d21
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
common/sys/cpu_riscv.c
View File

@@ -131,6 +131,13 @@ static void init_riscv_acpi(void) {
panic(false, "riscv: missing rhct node for hartid %U", (uint64_t)hartid); panic(false, "riscv: missing rhct node for hartid %U", (uint64_t)hartid);
} }
// Ensure the offsets[] array fits within the hart_info node as
// declared by the containing header.size.
uint64_t offsets_bytes = (uint64_t)hart_info->offsets_len * sizeof(uint32_t);
if (offsetof(struct rhct_hart_info, offsets) + offsets_bytes > hart_info->header.size) {
panic(false, "riscv: RHCT hart_info offsets_len exceeds node size");
}
const char *isa_string = NULL; const char *isa_string = NULL;
uint8_t mmu_type = 0; uint8_t mmu_type = 0;
uint8_t flags = 0; uint8_t flags = 0;