From 5cfef13f8d13b378f72b61ba3e4d7eee065f6d26 Mon Sep 17 00:00:00 2001 From: Edward O'Callaghan Date: Sun, 3 Aug 2014 20:00:47 +1000 Subject: cpu/intel: Fix out-of-bounds read due to off-by-one in condition If power_limit_1_time > 129 is false then power_limit_1_time can have a value of up to 129 leading to an out-of-bounds illegal read indexing the power_limit_time_sec_to_msr[] array. Thankfully all call sites have been doing the right thing up until now so the issue has not been visible. Change-Id: Ic029d1af7fe43ca7da271043c2b08fe3088714af Found-by: Coverity Scan Signed-off-by: Edward O'Callaghan Reviewed-on: http://review.coreboot.org/6478 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Georgi --- src/cpu/intel/model_206ax/model_206ax_init.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/cpu/intel/model_206ax/model_206ax_init.c') diff --git a/src/cpu/intel/model_206ax/model_206ax_init.c b/src/cpu/intel/model_206ax/model_206ax_init.c index 4e56414538..dbde512204 100644 --- a/src/cpu/intel/model_206ax/model_206ax_init.c +++ b/src/cpu/intel/model_206ax/model_206ax_init.c @@ -247,7 +247,7 @@ void set_power_limits(u8 power_limit_1_time) unsigned tdp, min_power, max_power, max_time; u8 power_limit_1_val; - if (power_limit_1_time > ARRAY_SIZE(power_limit_time_sec_to_msr)) + if (power_limit_1_time >= ARRAY_SIZE(power_limit_time_sec_to_msr)) return; if (!(msr.lo & PLATFORM_INFO_SET_TDP)) -- cgit v1.2.3