diff options
author | Bora Guvendik <bora.guvendik@intel.com> | 2023-01-17 12:09:56 -0800 |
---|---|---|
committer | Felix Held <felix-coreboot@felixheld.de> | 2023-01-22 00:36:49 +0000 |
commit | adb52533fce3c06adebd174301482e2f1fbcc3a1 (patch) | |
tree | ab69d768cf2c5fa15ee3aa7d741399b33e4c8ad7 /src/soc/intel/common/block/crashlog | |
parent | 5e2d9c0979696e63822854432cd37e9ea2189e99 (diff) |
intel/common/block: Fix potential buffer overflow
Possible Buffer Overflow - Array Index Out of Bounds. Array
regions size is 256 but 'i' iterates from 0 to 256.
Found-by: Klockwork
BUG=None
BRANCH=firmware-brya-14505.B
TEST=Boot to OS
Signed-off-by: Bora Guvendik <bora.guvendik@intel.com>
Change-Id: Iee45a5821b9dd3f9e6f9816599beebf34555426d
Reviewed-on: https://review.coreboot.org/c/coreboot/+/72049
Reviewed-by: Hannah Williams <hannah.williams@intel.com>
Reviewed-by: Jérémy Compostella <jeremy.compostella@intel.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'src/soc/intel/common/block/crashlog')
-rw-r--r-- | src/soc/intel/common/block/crashlog/crashlog.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/src/soc/intel/common/block/crashlog/crashlog.c b/src/soc/intel/common/block/crashlog/crashlog.c index 5949264690..3bd2488846 100644 --- a/src/soc/intel/common/block/crashlog/crashlog.c +++ b/src/soc/intel/common/block/crashlog/crashlog.c @@ -145,16 +145,18 @@ int pmc_cl_gen_descriptor_table(u32 desc_table_addr, printk(BIOS_DEBUG, "CL PMC desc table: numb of regions is 0x%x at addr 0x%x\n", descriptor_table->numb_regions, desc_table_addr); for (int i = 0; i < descriptor_table->numb_regions; i++) { + if (i >= ARRAY_SIZE(descriptor_table->regions)) { + printk(BIOS_ERR, "Maximum number of PMC crashLog descriptor table exceeded (%u/%zu)\n", + descriptor_table->numb_regions, + ARRAY_SIZE(descriptor_table->regions)); + break; + } desc_table_addr += 4; descriptor_table->regions[i].data = read32((u32 *)(desc_table_addr)); total_data_size += descriptor_table->regions[i].bits.size * sizeof(u32); printk(BIOS_DEBUG, "CL PMC desc table: region 0x%x has size 0x%x at offset 0x%x\n", i, descriptor_table->regions[i].bits.size, descriptor_table->regions[i].bits.offset); - if (i > 255) { - printk(BIOS_ERR, "More than 255 regions in PMC crashLog descriptor table"); - break; - } } return total_data_size; } |