From 3312ed7e7a0b3269d6559207cdf9ed932ffecd31 Mon Sep 17 00:00:00 2001 From: Edward O'Callaghan Date: Thu, 22 May 2014 03:36:22 +1000 Subject: amd/agesa/f1?/Lib/amdlib.c: Integer overflow in loop construct The semantics of this loop relies on an integer overflow in Index >=0 that implies a return value of (UINT8)-1 which around wraps to 0xFF, or VOLT_UNSUPPORTED. Change-Id: I44d68973d0a80093350b2a8a4d3b46bfbb57917a Signed-off-by: Edward O'Callaghan Reviewed-on: http://review.coreboot.org/5801 Tested-by: build bot (Jenkins) Reviewed-by: Marc Jones --- src/vendorcode/amd/agesa/f10/Lib/amdlib.c | 6 +++--- src/vendorcode/amd/agesa/f12/Lib/amdlib.c | 6 +++--- src/vendorcode/amd/agesa/f14/Lib/amdlib.c | 6 +++--- src/vendorcode/amd/agesa/f15/Lib/amdlib.c | 6 +++--- src/vendorcode/amd/agesa/f15tn/Lib/amdlib.c | 6 +++--- 5 files changed, 15 insertions(+), 15 deletions(-) (limited to 'src/vendorcode') diff --git a/src/vendorcode/amd/agesa/f10/Lib/amdlib.c b/src/vendorcode/amd/agesa/f10/Lib/amdlib.c index d88eee7a8e..83e6a009ab 100644 --- a/src/vendorcode/amd/agesa/f10/Lib/amdlib.c +++ b/src/vendorcode/amd/agesa/f10/Lib/amdlib.c @@ -344,11 +344,11 @@ LibAmdBitScanReverse ( IN UINT32 value ) { - UINTN Index; + UINT8 Index; for (Index = 31; Index >= 0; Index--){ - if (value & (1 << Index)) break; + if (value & (1 << Index)) return Index; } - return (UINT8) Index; + return 0xFF; } VOID LibAmdMsrRead ( diff --git a/src/vendorcode/amd/agesa/f12/Lib/amdlib.c b/src/vendorcode/amd/agesa/f12/Lib/amdlib.c index cb8f695a89..f88eb984c9 100644 --- a/src/vendorcode/amd/agesa/f12/Lib/amdlib.c +++ b/src/vendorcode/amd/agesa/f12/Lib/amdlib.c @@ -348,11 +348,11 @@ LibAmdBitScanReverse ( IN UINT32 value ) { - UINTN Index; + UINT8 Index; for (Index = 31; Index >= 0; Index--){ - if (value & (1 << Index)) break; + if (value & (1 << Index)) return Index; } - return (UINT8) Index; + return 0xFF; } VOID LibAmdMsrRead ( diff --git a/src/vendorcode/amd/agesa/f14/Lib/amdlib.c b/src/vendorcode/amd/agesa/f14/Lib/amdlib.c index 31b3f1ea69..c1fa494642 100644 --- a/src/vendorcode/amd/agesa/f14/Lib/amdlib.c +++ b/src/vendorcode/amd/agesa/f14/Lib/amdlib.c @@ -348,11 +348,11 @@ LibAmdBitScanReverse ( IN UINT32 value ) { - UINTN Index; + UINT8 Index; for (Index = 31; Index >= 0; Index--){ - if (value & (1 << Index)) break; + if (value & (1 << Index)) return Index; } - return (UINT8) Index; + return 0xFF; } VOID LibAmdMsrRead ( diff --git a/src/vendorcode/amd/agesa/f15/Lib/amdlib.c b/src/vendorcode/amd/agesa/f15/Lib/amdlib.c index e51a971a79..1180ad29a6 100644 --- a/src/vendorcode/amd/agesa/f15/Lib/amdlib.c +++ b/src/vendorcode/amd/agesa/f15/Lib/amdlib.c @@ -348,11 +348,11 @@ LibAmdBitScanReverse ( IN UINT32 value ) { - UINTN Index; + UINT8 Index; for (Index = 31; Index >= 0; Index--){ - if (value & (1 << Index)) break; + if (value & (1 << Index)) return Index; } - return (UINT8) Index; + return 0xFF; } UINT64 diff --git a/src/vendorcode/amd/agesa/f15tn/Lib/amdlib.c b/src/vendorcode/amd/agesa/f15tn/Lib/amdlib.c index 55adc8a478..9646e6d3b9 100644 --- a/src/vendorcode/amd/agesa/f15tn/Lib/amdlib.c +++ b/src/vendorcode/amd/agesa/f15tn/Lib/amdlib.c @@ -359,11 +359,11 @@ LibAmdBitScanReverse ( IN UINT32 value ) { - UINTN Index; + UINT8 Index; for (Index = 31; Index >= 0; Index--){ - if (value & (1 << Index)) break; + if (value & (1 << Index)) return Index; } - return (UINT8) Index; + return 0xFF; } VOID LibAmdMsrRead ( -- cgit v1.2.3