From fdb0294846cf18b1077e8b0a4b2fe29d6b5a0bb4 Mon Sep 17 00:00:00 2001 From: Zheng Bao Date: Tue, 22 Feb 2022 09:47:59 +0800 Subject: amdfwtool: Check the real length of PMU string The length should be checked before the PMU_STR_INS_INDEX(th) character is accessed, otherwise it is going to an access violation. Change-Id: I8b59eb34e1cb01fd6e2571fcebc28ef2084b6ec4 Signed-off-by: Zheng Bao Reviewed-on: https://review.coreboot.org/c/coreboot/+/62249 Tested-by: build bot (Jenkins) Reviewed-by: Felix Held --- util/amdfwtool/data_parse.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'util/amdfwtool/data_parse.c') diff --git a/util/amdfwtool/data_parse.c b/util/amdfwtool/data_parse.c index c69a38958e..a6b73ee1ec 100644 --- a/util/amdfwtool/data_parse.c +++ b/util/amdfwtool/data_parse.c @@ -348,6 +348,7 @@ static uint8_t find_register_fw_filename_psp_dir(char *fw_name, char *filename, #define PMU_STR_BASE_LEN strlen(PMUI_STR_BASE) #define PMU_STR_SUB_INDEX strlen(PMUI_STR_BASE"_SUB") #define PMU_STR_INS_INDEX strlen(PMUI_STR_BASE"_SUBx_INS") +#define PMU_STR_ALL_LEN strlen(PMUI_STR_BASE"_SUBx_INSx") static uint8_t find_register_fw_filename_bios_dir(char *fw_name, char *filename, char level_to_set, amd_cb_config *cb_config) @@ -360,10 +361,12 @@ static uint8_t find_register_fw_filename_bios_dir(char *fw_name, char *filename, (void) (cb_config); /* Remove warning and reserved for future. */ if (strncmp(fw_name, PMUI_STR_BASE, PMU_STR_BASE_LEN) == 0) { + assert(strlen(fw_name) == PMU_STR_ALL_LEN); fw_type = AMD_BIOS_PMUI; subprog = fw_name[PMU_STR_SUB_INDEX] - '0'; instance = fw_name[PMU_STR_INS_INDEX] - '0'; } else if (strncmp(fw_name, PMUD_STR_BASE, PMU_STR_BASE_LEN) == 0) { + assert(strlen(fw_name) == PMU_STR_ALL_LEN); fw_type = AMD_BIOS_PMUD; subprog = fw_name[PMU_STR_SUB_INDEX] - '0'; instance = fw_name[PMU_STR_INS_INDEX] - '0'; -- cgit v1.2.3