diff options
author | Edward O'Callaghan <eocallaghan@alterapraxis.com> | 2014-08-03 20:00:47 +1000 |
---|---|---|
committer | Edward O'Callaghan <eocallaghan@alterapraxis.com> | 2014-08-04 13:58:14 +0200 |
commit | 5cfef13f8d13b378f72b61ba3e4d7eee065f6d26 (patch) | |
tree | 869e16a3871dfb65dd1878ce904df1f956576616 /src/cpu/intel/haswell | |
parent | 18d9899be13ac518cfe65ed326df0b333a58eabf (diff) |
cpu/intel: Fix out-of-bounds read due to off-by-one in condition
If power_limit_1_time > 129 is false then power_limit_1_time can have a
value of up to 129 leading to an out-of-bounds illegal read indexing the
power_limit_time_sec_to_msr[] array. Thankfully all call sites have been
doing the right thing up until now so the issue has not been visible.
Change-Id: Ic029d1af7fe43ca7da271043c2b08fe3088714af
Found-by: Coverity Scan
Signed-off-by: Edward O'Callaghan <eocallaghan@alterapraxis.com>
Reviewed-on: http://review.coreboot.org/6478
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <patrick@georgi-clan.de>
Diffstat (limited to 'src/cpu/intel/haswell')
-rw-r--r-- | src/cpu/intel/haswell/haswell_init.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/cpu/intel/haswell/haswell_init.c b/src/cpu/intel/haswell/haswell_init.c index 043ba3a580..68c76431b7 100644 --- a/src/cpu/intel/haswell/haswell_init.c +++ b/src/cpu/intel/haswell/haswell_init.c @@ -463,8 +463,8 @@ void set_power_limits(u8 power_limit_1_time) unsigned tdp, min_power, max_power, max_time; u8 power_limit_1_val; - if (power_limit_1_time > ARRAY_SIZE(power_limit_time_sec_to_msr)) - power_limit_1_time = 28; + if (power_limit_1_time >= ARRAY_SIZE(power_limit_time_sec_to_msr)) + power_limit_1_time = ARRAY_SIZE(power_limit_time_sec_to_msr) - 1; if (!(msr.lo & PLATFORM_INFO_SET_TDP)) return; |