Hi,
Is it possible to call psa_call() with NULL outvecs with TF-M v2.0? I am using IPC model. This worked for me with TF-M v1.8 but now I see get a NULL pointer dereference with TF-M v2.0 when psa_reply() is called. Specifically, it happens inside update_caller_outvec_len().
It seems msg.out_size[i] is non-zero (due to a previous psa_call which had 3 outvecs). handle->caller_outvec[i].len causes a NULL pointer deference.
void update_caller_outvec_len(struct connection_t *handle) { uint32_t i;
for (i = 0; i < PSA_MAX_IOVEC; i++) { if (handle->msg.out_size[i] == 0) { continue; }
SPM_ASSERT(handle->caller_outvec[i].base == handle->outvec_base[i]);
handle->caller_outvec[i].len = handle->outvec_written[i]; } }
spm_associate_call_params() does not clear msg.out_size[] so the previous contents remain.
One potential fix is to add the highlighted code below to clear out_size[].
[cid:image001.png@01DA27A5.8860E6F0]
Regards,
Brian Quach SimpleLink MCU Texas Instruments Inc. 12500 TI Blvd, MS F-4000 Dallas, TX 75243 214-479-4076
