From 75df62699b9911de0ed0b9b4e95c5d682910cc0e Mon Sep 17 00:00:00 2001
From: Yann Gautier <yann.gautier@st.com>
Date: Thu, 14 Jun 2018 14:36:20 +0200
Subject: [PATCH] xlat_v2: add a check on mm_cursor->size to avoid infinite
 loop

The issue can occur if end_va is equal to the max architecture address,
and when mm_cursor point to the last entry of mmap_region_t table: {0}.
The first line of the while will then be true, e.g. on AARCH32, we have:
mm_cursor->base_va (=0) + mm_cursor->size (=0) - 1 == end_va (=0xFFFFFFFF)
And the mm_cursor->size = 0 will be lesser than mm->size

A check on mm_cursor->size != 0 should be done as in the previous while,
to avoid such kind of infinite loop.

fixes arm-software/tf-issues#594

Signed-off-by: Yann Gautier <yann.gautier@st.com>
---
 lib/xlat_tables_v2/xlat_tables_internal.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/xlat_tables_v2/xlat_tables_internal.c b/lib/xlat_tables_v2/xlat_tables_internal.c
index 31d3365b9..a38f97f2f 100644
--- a/lib/xlat_tables_v2/xlat_tables_internal.c
+++ b/lib/xlat_tables_v2/xlat_tables_internal.c
@@ -784,8 +784,8 @@ void mmap_add_region_ctx(xlat_ctx_t *ctx, const mmap_region_t *mm)
 	       && mm_cursor->size)
 		++mm_cursor;
 
-	while ((mm_cursor->base_va + mm_cursor->size - 1 == end_va)
-	       && (mm_cursor->size < mm->size))
+	while ((mm_cursor->base_va + mm_cursor->size - 1 == end_va) &&
+	       (mm_cursor->size != 0U) && (mm_cursor->size < mm->size))
 		++mm_cursor;
 
 	/*