From cb0dd58b37b22f7731cd81da8024934040fafdc0 Mon Sep 17 00:00:00 2001
From: Edward O'Callaghan <eocallaghan@alterapraxis.com>
Date: Sun, 7 Dec 2014 05:20:14 +1100
Subject: amd/agesa/f*/Lib/amdlib.c: Integer overflow in loop construct

As is the case in commit:

 3312ed7 amd/agesa/f1?/Lib/amdlib.c: Integer overflow in loop construct

The semantics of this loop relies on an integer overflow in Index >=0
that implies a return value of (UINT8)-1 which around wraps to 0xFF, or
VOLT_UNSUPPORTED.

Also fix an infinite loop.

Change-Id: Iced3eff3ae7b8935db3bdd6147372cf3b540883c
Signed-off-by: Edward O'Callaghan <eocallaghan@alterapraxis.com>
Reviewed-on: http://review.coreboot.org/7676
Reviewed-by: Bruce Griffith <Bruce.Griffith@se-eng.com>
Tested-by: build bot (Jenkins)
Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
---
 src/vendorcode/amd/agesa/f16kb/Lib/amdlib.c | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

(limited to 'src/vendorcode/amd/agesa/f16kb')

diff --git a/src/vendorcode/amd/agesa/f16kb/Lib/amdlib.c b/src/vendorcode/amd/agesa/f16kb/Lib/amdlib.c
index d0e66b9fc9..75354f9cf1 100644
--- a/src/vendorcode/amd/agesa/f16kb/Lib/amdlib.c
+++ b/src/vendorcode/amd/agesa/f16kb/Lib/amdlib.c
@@ -355,17 +355,25 @@ LibAmdBitScanForward (
   }
   return (UINT8) Index;
 }
+
 UINT8
 LibAmdBitScanReverse (
   IN       UINT32 value
 )
 {
-  UINTN Index;
-  for (Index = 31; Index >= 0; Index--){
-      if (value & (1 << Index)) break;
-  }
-  return (UINT8) Index;
+  uint8_t bit = 31;
+  do {
+    if (value & (1 << 31))
+      return bit;
+
+    value <<= 1;
+    bit--;
+
+  } while (value != 0);
+
+  return 0xFF; /* Error code indicating no bit found */
 }
+
 VOID
 LibAmdMsrRead (
   IN       UINT32 MsrAddress,
-- 
cgit v1.2.3