Nico Huber submitted this change.
vc/amd/agesa/f16kb/Proc/GNB: Fix out-of-bounds read
Incorrect values read from a different memory region will cause
incorrect computations. VceFlags array size should be 4 based on
similar code in f15 branch, and because
f16kb/Proc/GNB/Modules/GnbInitKB/GnbF1TableKB.c only loads
4 values for VceFlags in DefaultPpF1ArrayKB. Leaving it at 5
results in an out-of-bounds read of PP_FUSE_ARRAY_V2_fld16
in line 901 of
f16kb/Proc/GNB/Modules/GnbGfxIntTableV3/GfxPwrPlayTable.c
when Index reaches 4.
Change-Id: I0242c0634e66616018e6df04ac6f1505b82a630f
Signed-off-by: Joe Moore <awokd@danwin1210.me>
Found-by: Coverity CID 1241878
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38056
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Mike Banon <mikebdp2@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
---
M src/vendorcode/amd/agesa/f16kb/Proc/GNB/Common/GnbF1Table.h
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Common/GnbF1Table.h b/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Common/GnbF1Table.h
index add5509..90df07c 100644
--- a/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Common/GnbF1Table.h
+++ b/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Common/GnbF1Table.h
@@ -66,7 +66,7 @@
UINT32 PP_FUSE_ARRAY_V2_fld11;
UINT32 PP_FUSE_ARRAY_V2_fld12;
BOOLEAN PP_FUSE_ARRAY_V2_fld13;
- UINT8 VceFlags[5]; ///< VCE Flags
+ UINT8 VceFlags[4]; ///< VCE Flags
UINT8 VceMclk; ///< MCLK for VCE
UINT8 PP_FUSE_ARRAY_V2_fld16[4];
UINT8 EclkDid[5]; ///< Eclk DID
To view, visit change 38056. To unsubscribe, or for help writing mail filters, visit settings.