tpm: sandbox: fix wrong check on pcr_map

The second check on pcr_map in sandbox_tpm2_xfer() is wrong. It should
check for pcr_map not being empty. Instead, it is a pure copy/paste of
the first check which is redundant.

This has been found thanks to a Coverity Scan report:

    CID 183370:  Memory - illegal accesses  (UNINIT)
    Using uninitialized value "pcr_index".
        put_unaligned_be32(tpm->pcr_extensions[pcr_index], recv);

This is because pcr_index is initialized only if the user input is
correct, ie. at least one valid bit is set in pcr_map.

Fix the second check and also initialize pcr_index to 0 (which is
harmless in case of error) to make Coverity Scan happy.

Reported-by: Tom Rini <trini@konsulko.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

diff --git a/drivers/tpm/tpm2_tis_sandbox.c b/drivers/tpm/tpm2_tis_sandbox.c
index 66f6c9ba82fa426c6f9ce55cde7d5f0285833a82..b15ec732add7fda442d60d520fb702a799438687 100644 (file)
--- a/drivers/tpm/tpm2_tis_sandbox.c
+++ b/drivers/tpm/tpm2_tis_sandbox.c
@@ -272,7 +272,7 @@ static int sandbox_tpm2_xfer(struct udevice *dev, const u8 *sendbuf,
        u32 capability, property, property_count;
 
        /* TPM2_PCR_Read/Extend variables */
-       int pcr_index;
+       int pcr_index = 0;
        u64 pcr_map = 0;
        u32 selections, pcr_nb;
        u16 alg;
@@ -483,8 +483,8 @@ static int sandbox_tpm2_xfer(struct udevice *dev, const u8 *sendbuf,
                        return sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc);
                }
 
-               if (pcr_map >> SANDBOX_TPM_PCR_NB) {
-                       printf("Wrong PCR map.\n");
+               if (!pcr_map) {
+                       printf("Empty PCR map.\n");
                        rc = TPM2_RC_VALUE;
                        return sandbox_tpm2_fill_buf(&recv, recv_len, tag, rc);
                }