我试图写这个函数,它应该返回一个uint32_t,但我遇到了一个越界读取错误,这意味着它是从错误的内存中读取的。错误在sumOfKey += aonEfuse->eFuseBitArray.secFAKEK[keyIndex]这一行,错误状态为overrun-local。超出数组amonEfuse->eFuseBitArray.secFAKEK的8个4字节元素的元素索引8(字节偏移量35),使用索引keyIndex(其值为8)。请注意,secFAKEK被定义为。
uint32_t secFAKEK[EFUSE_SEC_FAKEK_SIZE_WORDS];
SEC_KM_AES_KEY_SIZE_IN_BYTES = 32
还有: EFUSE_SEC_FAKEK_SIZE_WORDS = 0x08
uint32_t SEC_CODE_SLOW SEC_KM_GetFAKEKVersion(void)
{
uint64_t sumOfKey = 0;
uint32_t keyIndex = 0;
const uint32_t keySizeDwords = SEC_KM_AES_KEY_SIZE_IN_BYTES / sizeof(uint32_t);
AON_eFuseData_t *aonEfuse = SYS_GetAONeFuseData();
if (!aonEfuse)
{
return MAX_UINT32;
}
while (keyIndex++ < keySizeDwords)
{
sumOfKey += aonEfuse->eFuseBitArray.secFAKEK[keyIndex];
}
return sumOfKey == 0 ? 0 : ((sumOfKey == 0xFFFFFFFFULL * keySizeDwords) ? 2 : 1);
}
这一行就是问题所在。
while (keyIndex++ < keySizeDwords)
这里发生的事情是,你和一个好的值比较,比如说32 < 33,然后发生了后增量,最后你在循环中读到了33,这就导致了越界。
将其改为
while (keyIndex < keySizeDwords)
// and increment inside the loop.
一个很简单的例子。
int size = 1;
int a[size];
int index = 0;
while( index++ < size) // index at the time of comparing is 0 but right after it is 1
{
a[index] = 0; // here we are going out of bounds because index is 1
}