View Change
2 comments:
File src/lib/spd_bin.c:
Patch Set #12, Line 140: uint8_t spd[]
why is spd passed in when you're trying to define the part name that is out of band from the spd?
Patch Set #12, Line 177: spd_name[name_len + 1] = 0;
This is actually a change. e.g. in ddr4 case this index is now DDR4_SPD_PART_LEN + 1 where it wasn't prior, and it is now an out of bound access.
This function needs the buffer size of spd_name to be correct.
To view, visit change 45459. To unsubscribe, or for help writing mail filters, visit settings.
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I91971e07c450492dbb0588abd1c3c692ee0d3bb0
Gerrit-Change-Number: 45459
Gerrit-PatchSet: 12
Gerrit-Owner: Nick Vaccaro <nvaccaro@google.com>
Gerrit-Reviewer: Caveh Jalali <caveh@chromium.org>
Gerrit-Reviewer: Furquan Shaikh <furquan@google.com>
Gerrit-Reviewer: Patrick Rudolph <siro@das-labor.org>
Gerrit-Reviewer: Tim Wawrzynczak <twawrzynczak@google.com>
Gerrit-Reviewer: build bot (Jenkins) <no-reply@coreboot.org>
Gerrit-CC: Aaron Durbin <adurbin@chromium.org>
Gerrit-CC: Paul Menzel <paulepanter@users.sourceforge.net>
Gerrit-CC: Tim Wawrzynczak <twawrzynczak@chromium.org>
Gerrit-Comment-Date: Thu, 17 Sep 2020 23:27:02 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Gerrit-MessageType: comment