In IPC,endpoint requested is greater than 256 error needs to be reported

XMLWordPrintable

    • Type: Bug
    • Resolution: Unresolved
    • Priority: High
    • MCAL
    • MCAL-29484
    • Hide
      MCUSW_J7_10.00.00
      MCUSW_J7_10.01.00
      Show
      MCUSW_J7_10.00.00 MCUSW_J7_10.01.00
    • MCUSW_J7_11.01.00
    • Hide
      j7200-evm
      j721e-evm
      j721s2-evm
      j722s-evm
      j742s2-evm
      j784s4-evm
      Show
      j7200-evm j721e-evm j721s2-evm j722s-evm j742s2-evm j784s4-evm

      in CDD IPC, dstAddr is put into the VRING as part of the message by RPMessage_send and there is no reason that prevents that value from being above 255.
      If msg->dstAddr is, lets say, 1000. RPMessage_lookupEndpt will index out of the array returning a pointer to some other memory.
      obj will be pointing to this memory and is will be interpreted as a RPMessage struct. Later in RPMessage_enqueMsg data will be copied to a random location in memory .

      when the interrupt triggers RPMessage_swiFxn API it calls RPMessage_enqueMsg API, Inside this at the very beginning if we get >256 we are just going and looking in the poo[>256] which can crash the R5F core.

            Assignee:
            TI User
            Reporter:
            TI User
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:

                Connection: Intermediate to External PROD System
                EXTSYNC-5375 - In IPC,endpoint requested is greate...
                SYNCHRONIZED
                • Last Sync Date: