plat-stm32mp1: fix use after free in PMIC driver
Fix PMIC regulator levels arrays handling that missed a pointer reset
after the buffer is freed. At runtime, pmic_list_voltages() handler
function uses that reference and is expected to allocate back the
buffer in case non-secure world requests voltage enumeration for the
related regulator.

Fixes: a7990eb ("plat-stm32mp1: set voltage list at pmic driver init")
Signed-off-by: Etienne Carriere <[email protected]>
Acked-by: Jerome Forissier <[email protected]>
etienne-lms authored and jforissier committed Aug 20, 2024
1 parent 7c76fdc commit 641f2f1
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion core/arch/arm/plat-stm32mp1/drivers/stm32mp1_pmic.c
Expand Up @@ -542,8 +542,10 @@ static TEE_Result release_voltage_lists(void)
for (n = 0; n < ARRAY_SIZE(pmic_regulators); n++) {
struct pmic_regulator_data *priv = pmic_regulators[n].priv;

if (priv && priv->voltages_level)
if (priv && priv->voltages_level) {
free(priv->voltages_level);
priv->voltages_level = NULL;
}
}

return TEE_SUCCESS;
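
Review bot: the new `priv->voltages_level = NULL;` line in release_voltage_lists() carries no comment saying why the reset matters, so a later cleanup could drop it as cosmetic. A one-line comment noting that pmic_list_voltages() still uses this pointer at runtime and is expected to allocate the buffer back, as the commit message describes, would record the invariant next to the code. As a smaller style point, the `priv->voltages_level` test in the `if` is not needed since free(NULL) is a no-op, so the condition could be reduced to `if (priv)` with the free and the reset in its body.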