Make runtime_svc_init() function more robust
authorSandrine Bailleux <sandrine.bailleux@arm.com>
Tue, 28 Jun 2016 15:48:30 +0000 (16:48 +0100)
committerSandrine Bailleux <sandrine.bailleux@arm.com>
Mon, 25 Jul 2016 11:57:42 +0000 (12:57 +0100)
 - Added some debug assertions checking that the runtime services
   indexes computed by get_unique_oen() are sane.

 - Do not print the name of the service when its descriptor is
   invalid. If the descriptor is corrupted then its name field
   could be corrupted as well and we would end up reading an
   arbitrary amount of invalid memory.

Change-Id: I16f61065277d01fe1555d5a9cf743f7b52ccaa60

common/runtime_svc.c

index 39300c84c2712c16ff59d250117372e684a4f711..7a5855b64746afcbf819d82a7a4bdd3dc93b0141 100644 (file)
@@ -107,8 +107,8 @@ void runtime_svc_init(void)
                 */
                rc = validate_rt_svc_desc(service);
                if (rc) {
-                       ERROR("Invalid runtime service descriptor %p (%s)\n",
-                               (void *) service, service->name);
+                       ERROR("Invalid runtime service descriptor %p\n",
+                               (void *) service);
                        panic();
                }
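Review bot: The new ERROR() call deliberately prints only the descriptor address, but nothing at the call site records why the name was dropped, so a later cleanup could reinstate the `%s` and reintroduce the read of a possibly corrupted `service->name`. Suggest a comment directly above the ERROR() line: `/* Do not print service->name: the descriptor failed validation, so its name field may be corrupt or unterminated. */`. The surrounding comment and the start of runtime_svc_init() lie outside this hunk.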
 
@@ -136,8 +136,10 @@ void runtime_svc_init(void)
                 */
                start_idx = get_unique_oen(rt_svc_descs[index].start_oen,
                                service->call_type);
+               assert(start_idx < MAX_RT_SVCS);
                end_idx = get_unique_oen(rt_svc_descs[index].end_oen,
                                service->call_type);
+               assert(end_idx < MAX_RT_SVCS);
                for (; start_idx <= end_idx; start_idx++)
                        rt_svc_descs_indices[start_idx] = index;
        }
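Review bot: The two new assert() calls protect the write `rt_svc_descs_indices[start_idx] = index` only in builds where assertions are compiled in; in a release build an out-of-range start_oen/end_oen would still index past the array unless validate_rt_svc_desc() (called earlier, outside this hunk) already rejects such values, which is not visible here and is worth confirming. The loop also relies on start_idx <= end_idx having been established before this point, presumably by the same validation. Suggest a comment above the first assert() making that dependency explicit: `/* Index range checked here in debug builds only; validate_rt_svc_desc() is relied upon to reject out-of-range OENs otherwise. */`. runtime_svc_init() continues beyond the end of this hunk.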