summaryrefslogtreecommitdiff
path: root/util/romcc
diff options
context:
space:
mode:
authorJacob Garber <jgarber1@ualberta.ca>2019-05-20 16:35:33 -0600
committerPatrick Georgi <pgeorgi@google.com>2019-05-22 10:03:11 +0000
commit9b0d8e7a1fd18a53579d0332204d2be57ec0474b (patch)
tree8b60913b35159dfb2415d9cdb21647d109d11a4a /util/romcc
parentb6ee05692dce5df945b8363d361398ab2192d960 (diff)
util/romcc: Prevent out-of-bounds read
If 'class > LAST_REGC', then there will be an out-of-bounds read when accessing 'regcm_bound'. Prevent this by skipping to the next iteration of the loop. Note that this should not generally happen anyway, since 'result' represents a bitset for the indices of 'regcm_bound', and so iterations where 'class > LAST_REGC' should already be skipped by the previous continue statement (since those bits of 'result' should all be zero). Found-by: Covericy CID 1129122 Signed-off-by: Jacob Garber <jgarber1@ualberta.ca> Change-Id: Id5f5adb0a292763251054aeecf2a5b87a11297b1 Reviewed-on: https://review.coreboot.org/c/coreboot/+/32902 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Patrick Georgi <pgeorgi@google.com> Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Diffstat (limited to 'util/romcc')
-rw-r--r--util/romcc/romcc.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/util/romcc/romcc.c b/util/romcc/romcc.c
index b9ec835f6f..329cfd2433 100644
--- a/util/romcc/romcc.c
+++ b/util/romcc/romcc.c
@@ -22160,6 +22160,7 @@ static unsigned arch_regcm_normalize(struct compile_state *state, unsigned regcm
}
if (class > LAST_REGC) {
result &= ~mask;
+ continue;
}
for(class2 = 0; class2 <= LAST_REGC; class2++) {
if ((regcm_bound[class2].first >= regcm_bound[class].first) &&