From d8bb69a451276baf14f17fceeb89790638310990 Mon Sep 17 00:00:00 2001
From: Rizwan Qureshi
Date: Tue, 8 Nov 2016 21:01:09 +0530
Subject: soc/intel/skylake: fix memory access beyond array bounds
chip.h has a config array PcieRpClkReqNumber which corresponds to a FSP UPD parameter, the size is currently set to 20. However the size of PcieRpClkReqNumber UPD in FSP2.0 is 24, so memcpy (config buffer to UPD buffer) in chip_fsp20.c will read beyond the bounds of config array. Hence set the size of PcieRpClkReqNumber array based on the FSP in use.
Found-by: Coverity Scan #1365385, #1365386
Change-Id: I937f68ef33f218cd7f9ba5cf3baaec162bca3fc8
Signed-off-by: Rizwan Qureshi
Reviewed-on: https://review.coreboot.org/17292
Tested-by: build bot (Jenkins)
Reviewed-by: Aaron Durbin
---
 src/soc/intel/skylake/Kconfig | 5 +++++
 src/soc/intel/skylake/chip.h | 6 +++---
 2 files changed, 8 insertions(+), 3 deletions(-)
(limited to 'src/soc/intel')
diff --git a/src/soc/intel/skylake/Kconfig b/src/soc/intel/skylake/Kconfig
index 7591d66f50..1960a9a285 100644
--- a/src/soc/intel/skylake/Kconfig
+++ b/src/soc/intel/skylake/Kconfig
@@ -239,4 +239,9 @@ config SPI_FLASH_INCLUDE_ALL_DRIVERS
 bool
 default n
+config MAX_ROOT_PORTS
+ int
+ default 24 if PLATFORM_USES_FSP2_0
+ default 20 if PLATFORM_USES_FSP1_1
+
 endif
diff --git a/src/soc/intel/skylake/chip.h b/src/soc/intel/skylake/chip.h
index 5a4e85bf00..207c360476 100644
--- a/src/soc/intel/skylake/chip.h
+++ b/src/soc/intel/skylake/chip.h
@@ -161,9 +161,9 @@ struct soc_intel_skylake_config {
 u8 EnableTraceHub;
 /* Pcie Root Ports */
- u8 PcieRpEnable[20];
- u8 PcieRpClkReqSupport[20];
- u8 PcieRpClkReqNumber[20];
+ u8 PcieRpEnable[CONFIG_MAX_ROOT_PORTS];
+ u8 PcieRpClkReqSupport[CONFIG_MAX_ROOT_PORTS];
+ u8 PcieRpClkReqNumber[CONFIG_MAX_ROOT_PORTS];
 /* USB related */
 struct usb2_port_config usb2_ports[16];
--
cgit v1.2.3
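Review bot: MAX_ROOT_PORTS has no unconditional default and no comment or help text, so when neither PLATFORM_USES_FSP2_0 nor PLATFORM_USES_FSP1_1 is selected the symbol is left without a value, and the three array declarations in chip.h that use CONFIG_MAX_ROOT_PORTS depend on it. If the Skylake Kconfig always selects one of the two FSP options this cannot happen, but that is not visible in the hunk. A comment above the entry such as `# Must equal the element count of the PcieRp* UPD arrays in the selected FSP` would record why the values are 24 and 20 and remind whoever adds another FSP version to extend the list.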
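Review bot: The bound of PcieRpEnable, PcieRpClkReqSupport and PcieRpClkReqNumber now follows the FSP UPD size only through a hand-maintained Kconfig number, so a later FSP header that changes the UPD array length would bring back the out-of-bounds read described in the commit message without any build failure. The memcpy itself is in chip_fsp20.c and not part of this diff; a compile-time check next to it that compares `sizeof` of the config array with `sizeof` of the UPD field it is copied into (for example with `_Static_assert`) would turn such a mismatch into a build error. In this hunk a comment like `/* Sized by CONFIG_MAX_ROOT_PORTS; must match the FSP UPD arrays these are copied into */` would document the coupling. struct soc_intel_skylake_config begins and ends outside the hunk.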