From 6d5f007813f6a2ffbdd6a633f31d207672eee2e1 Mon Sep 17 00:00:00 2001 From: Nico Huber Date: Fri, 7 Feb 2020 17:11:40 +0100 Subject: cpu/x86/smm: Add overflow check Rather bail out than run into undefined behavior. Change-Id: Ife26a0abed0ce6bcafe1e7cd8f499618631c4df4 Signed-off-by: Nico Huber Reviewed-on: https://review.coreboot.org/c/coreboot/+/38763 Tested-by: build bot (Jenkins) Reviewed-by: Patrick Rudolph Reviewed-by: Angel Pons Reviewed-by: --- src/cpu/x86/smm/smm_module_loader.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src') diff --git a/src/cpu/x86/smm/smm_module_loader.c b/src/cpu/x86/smm/smm_module_loader.c index a421436893..81020a460a 100644 --- a/src/cpu/x86/smm/smm_module_loader.c +++ b/src/cpu/x86/smm/smm_module_loader.c @@ -202,6 +202,8 @@ static int smm_module_setup_stub(void *smbase, struct smm_loader_params *params, /* Adjust remaining size to account for save state. */ total_save_state_size = params->per_cpu_save_state_size * params->num_concurrent_save_states; + if (total_save_state_size > size) + return -1; size -= total_save_state_size; /* The save state size encroached over the first SMM entry point. */ -- cgit v1.2.3