View Change
1 comment:
File src/lib/spd_bin.c:
Patch Set #12, Line 177: spd_name[name_len + 1] = 0;
I had found the descrepancy while changing the code and considered adding a comment in code to point […]
I disagree on my specific comment. name_len +1 where name_len == DDR4_SPD_PART_LEN would be an out of bounds array access smashing the stack.
The point of my comment is that we should pass in ARRAY_SIZE(spd_name) into this function to correctly fill out the buffer. Your change will write to the array out of bounds.
To view, visit change 45459. To unsubscribe, or for help writing mail filters, visit settings.
Gerrit-Project: coreboot
Gerrit-Branch: master
Gerrit-Change-Id: I91971e07c450492dbb0588abd1c3c692ee0d3bb0
Gerrit-Change-Number: 45459
Gerrit-PatchSet: 13
Gerrit-Owner: Nick Vaccaro <nvaccaro@google.com>
Gerrit-Reviewer: Caveh Jalali <caveh@chromium.org>
Gerrit-Reviewer: Furquan Shaikh <furquan@google.com>
Gerrit-Reviewer: Patrick Rudolph <siro@das-labor.org>
Gerrit-Reviewer: Tim Wawrzynczak <twawrzynczak@google.com>
Gerrit-Reviewer: build bot (Jenkins) <no-reply@coreboot.org>
Gerrit-CC: Aaron Durbin <adurbin@chromium.org>
Gerrit-CC: Paul Menzel <paulepanter@users.sourceforge.net>
Gerrit-CC: Tim Wawrzynczak <twawrzynczak@chromium.org>
Gerrit-Comment-Date: Fri, 18 Sep 2020 00:23:04 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: Nick Vaccaro <nvaccaro@google.com>
Comment-In-Reply-To: Aaron Durbin <adurbin@chromium.org>
Gerrit-MessageType: comment