summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorZheng Bao <fishbaozi@gmail.com>2022-02-22 09:47:59 +0800
committerFelix Held <felix-coreboot@felixheld.de>2022-02-24 00:41:45 +0000
commitfdb0294846cf18b1077e8b0a4b2fe29d6b5a0bb4 (patch)
tree6f2b3d8f6ec4ec94effad5660855f49e598a7183
parente39d371909ff6ac6968b63cfc945338212c9a1c4 (diff)
amdfwtool: Check the real length of PMU string
The length should be checked before the PMU_STR_INS_INDEX(th) character is accessed, otherwise it is going to an access violation. Change-Id: I8b59eb34e1cb01fd6e2571fcebc28ef2084b6ec4 Signed-off-by: Zheng Bao <fishbaozi@gmail.com> Reviewed-on: https://review.coreboot.org/c/coreboot/+/62249 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Felix Held <felix-coreboot@felixheld.de>
-rw-r--r--util/amdfwtool/data_parse.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/util/amdfwtool/data_parse.c b/util/amdfwtool/data_parse.c
index c69a38958e..a6b73ee1ec 100644
--- a/util/amdfwtool/data_parse.c
+++ b/util/amdfwtool/data_parse.c
@@ -348,6 +348,7 @@ static uint8_t find_register_fw_filename_psp_dir(char *fw_name, char *filename,
#define PMU_STR_BASE_LEN strlen(PMUI_STR_BASE)
#define PMU_STR_SUB_INDEX strlen(PMUI_STR_BASE"_SUB")
#define PMU_STR_INS_INDEX strlen(PMUI_STR_BASE"_SUBx_INS")
+#define PMU_STR_ALL_LEN strlen(PMUI_STR_BASE"_SUBx_INSx")
static uint8_t find_register_fw_filename_bios_dir(char *fw_name, char *filename,
char level_to_set, amd_cb_config *cb_config)
@@ -360,10 +361,12 @@ static uint8_t find_register_fw_filename_bios_dir(char *fw_name, char *filename,
(void) (cb_config); /* Remove warning and reserved for future. */
if (strncmp(fw_name, PMUI_STR_BASE, PMU_STR_BASE_LEN) == 0) {
+ assert(strlen(fw_name) == PMU_STR_ALL_LEN);
fw_type = AMD_BIOS_PMUI;
subprog = fw_name[PMU_STR_SUB_INDEX] - '0';
instance = fw_name[PMU_STR_INS_INDEX] - '0';
} else if (strncmp(fw_name, PMUD_STR_BASE, PMU_STR_BASE_LEN) == 0) {
+ assert(strlen(fw_name) == PMU_STR_ALL_LEN);
fw_type = AMD_BIOS_PMUD;
subprog = fw_name[PMU_STR_SUB_INDEX] - '0';
instance = fw_name[PMU_STR_INS_INDEX] - '0';