core: dont try to access parameters outside the shm pool range address

Signed-off-by: Jorge Ramirez-Ortiz <jorge.ramirez-ortiz@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
author: Jorge Ramirez-Ortiz <jorge.ramirez-ortiz@linaro.org> 2015-01-09 07:15:13 -0500
committer: Jorge Ramirez-Ortiz <jorge.ramirez-ortiz@linaro.org> 2015-01-09 07:15:13 -0500
commit: 6c1b321c2eecf324d514a8d51b4a22e3ef5e284d (patch)
tree: da2abc6f641d75acc4bea3c8f6ef78a96590d9d4
parent: 70d7bf614e7640b9f0535596e5f9d052668584da (diff)
2 files changed, 4 insertions, 0 deletions
diff --git a/core/arm64/tee_tz.c b/core/arm64/tee_tz.c
index 32b7b99..df54a56 100644
--- a/core/arm64/tee_tz.c
+++ b/core/arm64/tee_tz.c
@@ -244,6 +244,8 @@ static void handle_rpc_func_cmd(u32 parg32)
 	struct teesmc32_arg *arg32;
 
 	arg32 = tee_shm_pool_p2v(DEV, TZop.Allocator, parg32);
+	if (!arg32)
+		return;
 
 	switch (arg32->cmd) {
 		case TEE_RPC_MUTEX_WAIT:
diff --git a/core/armv7/tee_tz.c b/core/armv7/tee_tz.c
index f99f8c5..b4666b6 100644
--- a/core/armv7/tee_tz.c
+++ b/core/armv7/tee_tz.c
@@ -244,6 +244,8 @@ static void handle_rpc_func_cmd(u32 parg32)
 	struct teesmc32_arg *arg32;
 
 	arg32 = tee_shm_pool_p2v(DEV, TZop.Allocator, parg32);
+	if (!arg32)
+		return;
 
 	switch (arg32->cmd) {
 		case TEE_RPC_MUTEX_WAIT:
author	Jorge Ramirez-Ortiz <jorge.ramirez-ortiz@linaro.org>	2015-01-09 07:15:13 -0500
committer	Jorge Ramirez-Ortiz <jorge.ramirez-ortiz@linaro.org>	2015-01-09 07:15:13 -0500
commit	6c1b321c2eecf324d514a8d51b4a22e3ef5e284d (patch)
tree	da2abc6f641d75acc4bea3c8f6ef78a96590d9d4
parent	70d7bf614e7640b9f0535596e5f9d052668584da (diff)