intel/common/block: Fix potential buffer overflow

Possible Buffer Overflow - Array Index Out of Bounds. Array
regions size is 256 but 'i' iterates from 0 to 256.

Found-by: Klockwork
BUG=None
BRANCH=firmware-brya-14505.B
TEST=Boot to OS

Signed-off-by: Bora Guvendik <bora.guvendik@intel.com>
Change-Id: Iee45a5821b9dd3f9e6f9816599beebf34555426d
Reviewed-on: https://review.coreboot.org/c/coreboot/+/72049
Reviewed-by: Hannah Williams <hannah.williams@intel.com>
Reviewed-by: Jérémy Compostella <jeremy.compostella@intel.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>

1 files changed, 6 insertions, 4 deletions

diff --git a/src/soc/intel/common/block/crashlog/crashlog.c b/src/soc/intel/common/block/crashlog/crashlog.c
index 5949264690..3bd2488846 100644
--- a/src/soc/intel/common/block/crashlog/crashlog.c
+++ b/src/soc/intel/common/block/crashlog/crashlog.c
@@ -145,16 +145,18 @@ int pmc_cl_gen_descriptor_table(u32 desc_table_addr,
 	printk(BIOS_DEBUG, "CL PMC desc table: numb of regions is 0x%x at addr 0x%x\n",
 	       descriptor_table->numb_regions, desc_table_addr);
 	for (int i = 0; i < descriptor_table->numb_regions; i++) {
+		if (i >= ARRAY_SIZE(descriptor_table->regions)) {
+			printk(BIOS_ERR, "Maximum number of PMC crashLog descriptor table exceeded (%u/%zu)\n",
+			descriptor_table->numb_regions,
+			ARRAY_SIZE(descriptor_table->regions));
+			break;
+		}
 		desc_table_addr += 4;
 		descriptor_table->regions[i].data = read32((u32 *)(desc_table_addr));
 		total_data_size += descriptor_table->regions[i].bits.size * sizeof(u32);
 		printk(BIOS_DEBUG, "CL PMC desc table: region 0x%x has size 0x%x at offset 0x%x\n",
 			i, descriptor_table->regions[i].bits.size,
 			descriptor_table->regions[i].bits.offset);
-		if (i > 255) {
-			printk(BIOS_ERR, "More than 255 regions in PMC crashLog descriptor table");
-			break;
-		}
 	}
 	return total_data_size;
 }