summaryrefslogtreecommitdiff
path: root/src/cpu/intel/haswell
diff options
context:
space:
mode:
authorEdward O'Callaghan <eocallaghan@alterapraxis.com>2014-08-03 20:00:47 +1000
committerEdward O'Callaghan <eocallaghan@alterapraxis.com>2014-08-04 13:58:14 +0200
commit5cfef13f8d13b378f72b61ba3e4d7eee065f6d26 (patch)
tree869e16a3871dfb65dd1878ce904df1f956576616 /src/cpu/intel/haswell
parent18d9899be13ac518cfe65ed326df0b333a58eabf (diff)
cpu/intel: Fix out-of-bounds read due to off-by-one in condition
If power_limit_1_time > 129 is false then power_limit_1_time can have a value of up to 129 leading to an out-of-bounds illegal read indexing the power_limit_time_sec_to_msr[] array. Thankfully all call sites have been doing the right thing up until now so the issue has not been visible. Change-Id: Ic029d1af7fe43ca7da271043c2b08fe3088714af Found-by: Coverity Scan Signed-off-by: Edward O'Callaghan <eocallaghan@alterapraxis.com> Reviewed-on: http://review.coreboot.org/6478 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi <patrick@georgi-clan.de>
Diffstat (limited to 'src/cpu/intel/haswell')
-rw-r--r--src/cpu/intel/haswell/haswell_init.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/cpu/intel/haswell/haswell_init.c b/src/cpu/intel/haswell/haswell_init.c
index 043ba3a580..68c76431b7 100644
--- a/src/cpu/intel/haswell/haswell_init.c
+++ b/src/cpu/intel/haswell/haswell_init.c
@@ -463,8 +463,8 @@ void set_power_limits(u8 power_limit_1_time)
unsigned tdp, min_power, max_power, max_time;
u8 power_limit_1_val;
- if (power_limit_1_time > ARRAY_SIZE(power_limit_time_sec_to_msr))
- power_limit_1_time = 28;
+ if (power_limit_1_time >= ARRAY_SIZE(power_limit_time_sec_to_msr))
+ power_limit_1_time = ARRAY_SIZE(power_limit_time_sec_to_msr) - 1;
if (!(msr.lo & PLATFORM_INFO_SET_TDP))
return;