Nico Huber has submitted this change. ( https://review.coreboot.org/c/coreboot/+/36192 )
Change subject: vc/amd/agesa: Fix out of bounds read ......................................................................
vc/amd/agesa: Fix out of bounds read
ByteLane is used unitialized from prior for statement, creating a potential out-of-bound read of RxOrig[MaxByteLanes]. PassTestRxEnDly[MaxByteLanes] never appears as rvalue; all for loops have ByteLane < MaxByteLanes exit condition.
Change-Id: Icd18a146aba6b6120d37518d8c40c7efbc05afa3 Signed-off-by: Joe Moore awokd@danwin1210.me Found-by: Coverity CID 1241804 Reviewed-on: https://review.coreboot.org/c/coreboot/+/36192 Tested-by: build bot (Jenkins) no-reply@coreboot.org Reviewed-by: Mike Banon mikebdp2@gmail.com --- M src/vendorcode/amd/agesa/f15tn/Proc/Mem/Tech/mtthrcSeedTrain.c M src/vendorcode/amd/agesa/f16kb/Proc/Mem/Tech/mtthrcSeedTrain.c 2 files changed, 2 insertions(+), 2 deletions(-)
Approvals: build bot (Jenkins): Verified Mike Banon: Looks good to me, approved
diff --git a/src/vendorcode/amd/agesa/f15tn/Proc/Mem/Tech/mtthrcSeedTrain.c b/src/vendorcode/amd/agesa/f15tn/Proc/Mem/Tech/mtthrcSeedTrain.c index 3406d76..991667b 100644 --- a/src/vendorcode/amd/agesa/f15tn/Proc/Mem/Tech/mtthrcSeedTrain.c +++ b/src/vendorcode/amd/agesa/f15tn/Proc/Mem/Tech/mtthrcSeedTrain.c @@ -313,7 +313,6 @@ // IDS_HDT_CONSOLE (MEM_FLOW, "\n\t\t Setting PassTestRxEnDly\n"); IDS_HDT_CONSOLE (MEM_FLOW, "\t PassTestRxEnDly: "); - PassTestRxEnDly[ByteLane] = RxOrig[ByteLane]; for (ByteLane = 0; ByteLane < MaxByteLanes; ByteLane++) { if (RxEnDlyTargetFound[ByteLane] == FALSE) { // Calculate "PassTestRxEnDly" from current "RxEnDly" @@ -328,6 +327,7 @@ MemTRdPosRxEnSeedSetDly3 (TechPtr, PassTestRxEnDly[ByteLane], ByteLane); OutOfRange[ByteLane] = FALSE; } else { + PassTestRxEnDly[ByteLane] = RxOrig[ByteLane]; OutOfRange[ByteLane] = TRUE; } } else { diff --git a/src/vendorcode/amd/agesa/f16kb/Proc/Mem/Tech/mtthrcSeedTrain.c b/src/vendorcode/amd/agesa/f16kb/Proc/Mem/Tech/mtthrcSeedTrain.c index ce295ac..1446f3e 100644 --- a/src/vendorcode/amd/agesa/f16kb/Proc/Mem/Tech/mtthrcSeedTrain.c +++ b/src/vendorcode/amd/agesa/f16kb/Proc/Mem/Tech/mtthrcSeedTrain.c @@ -314,7 +314,6 @@ // IDS_HDT_CONSOLE (MEM_FLOW, "\n\t\t Setting PassTestRxEnDly\n"); IDS_HDT_CONSOLE (MEM_FLOW, "\t PassTestRxEnDly: "); - PassTestRxEnDly[ByteLane] = RxOrig[ByteLane]; for (ByteLane = 0; ByteLane < MaxByteLanes; ByteLane++) { if (RxEnDlyTargetFound[ByteLane] == FALSE) { // Calculate "PassTestRxEnDly" from current "RxEnDly" @@ -329,6 +328,7 @@ MemTRdPosRxEnSeedSetDly3 (TechPtr, PassTestRxEnDly[ByteLane], ByteLane); OutOfRange[ByteLane] = FALSE; } else { + PassTestRxEnDly[ByteLane] = RxOrig[ByteLane]; OutOfRange[ByteLane] = TRUE; } } else {