search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
(parent: 4926e98) | patch
soc/intel/{broad,cannon,sky}: Fix possible out-of-bounds reads
commitbcdb893778f857f310115522bbf7d70ad0cc017f
authorJacob Garber <jgarber1@ualberta.ca>
Mon, 22 Jul 2019 21:16:30 +0000 (22 15:16 -0600)
committerPatrick Georgi <pgeorgi@google.com>
Tue, 30 Jul 2019 09:56:02 +0000 (30 09:56 +0000)
tree4a8e4314bdc7527f130bc78e172212cd054e54c0tree | snapshot (tar.gz zip)
parent4926e989ac2f83bd887bee683c7e2c0481f5cd3acommit | diff
soc/intel/{broad,cannon,sky}: Fix possible out-of-bounds reads

There will be a possible out of bounds array access if
power_limit_1_time == ARRAY_SIZE(power_limit_time_sec_to_msr), so
prevent that in the index check. This issue was fixed for other cpus in
commit 5cfef13f8d (cpu/intel: Fix out-of-bounds read due to off-by-one
in condition). Based on the discussion for that commit, also remove the
magic constant 28 in favour of the index of the last array element.

Change-Id: Ic3f8735b23a368f8a9395757bd52c2c40088afa1
Signed-off-by: Jacob Garber <jgarber1@ualberta.ca>
Found-by: Coverity CID 1229673
Reviewed-on: https://review.coreboot.org/c/coreboot/+/34498
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Patrick Rudolph <siro@das-labor.org>
src/soc/intel/broadwell/cpu.c diff | blob | blame | history
src/soc/intel/cannonlake/cpu.c diff | blob | blame | history
src/soc/intel/skylake/cpu.c diff | blob | blame | history
ast, secure and flexible OpenSource firmware