Attention is currently required from: Nico Huber.
Hello Nico Huber,
I'd like you to do a code review. Please visit
https://review.coreboot.org/c/coreboot/+/50311
to review the following change.
Change subject: cpu/x86/smm: Add overflow check
......................................................................
cpu/x86/smm: Add overflow check
Rather bail out than run into undefined behavior.
Original-Change-Id: Ife26a0abed0ce6bcafe1e7cd8f499618631c4df4
Original-Signed-off-by: Nico Huber nico.h@gmx.de
Original-Reviewed-on: https://review.coreboot.org/c/coreboot/+/38763
Original-Tested-by: build bot (Jenkins) no-reply@coreboot.org
Original-Reviewed-by: Patrick Rudolph siro@das-labor.org
Original-Reviewed-by: Angel Pons th3fanbus@gmail.com
Original-Reviewed-by: cedarhouse1@comcast.net
(cherry picked from commit 6d5f007813f6a2ffbdd6a633f31d207672eee2e1)
Signed-off-by: Marc Jones marcjones@sysproconsulting.com
Change-Id: I28e10d8836ab80c6fec9d3414c795c5e6ff312e8
---
M src/cpu/x86/smm/smm_module_loader.c
1 file changed, 2 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/11/50311/1
diff --git a/src/cpu/x86/smm/smm_module_loader.c b/src/cpu/x86/smm/smm_module_loader.c index 0940e34..3ed20b7 100644 --- a/src/cpu/x86/smm/smm_module_loader.c +++ b/src/cpu/x86/smm/smm_module_loader.c @@ -203,6 +203,8 @@ /* Adjust remaining size to account for save state. */ total_save_state_size = params->per_cpu_save_state_size * params->num_concurrent_save_states; + if (total_save_state_size > size) + return -1; size -= total_save_state_size;
/* The save state size encroached over the first SMM entry point. */
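Review bot: the new `total_save_state_size > size` test guards only the subtraction; the product `params->per_cpu_save_state_size * params->num_concurrent_save_states` computed just above it can itself wrap if the operands are large enough for their type (the types are not visible in this hunk), and a wrapped product could pass the check. Consider bounding one factor before multiplying, for example rejecting when `params->per_cpu_save_state_size > size / params->num_concurrent_save_states` (with a zero check on the divisor), or state in the comment why the inputs cannot reach that range. The bare `return -1` is also silent; a log line naming both sizes would make a failed SMM module load diagnosable.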