Martin Roth has submitted this change and it was merged. ( https://review.coreboot.org/c/coreboot/+/33383 )
Change subject: nb/intel/nehalem: Prevent out of bounds read ......................................................................
nb/intel/nehalem: Prevent out of bounds read
If the decoded SPD DRAM frequency is slower than the controller minimum, then there will be an unsigned integer underflow in the following loop, which will lead to a very large out of bounds array access. Ensure this does not happen.
Change-Id: Ic8ed1293adfe0866781bd638323977abd110777e Signed-off-by: Jacob Garber jgarber1@ualberta.ca Found-by: Coverity CID 1229675 Reviewed-on: https://review.coreboot.org/c/coreboot/+/33383 Tested-by: build bot (Jenkins) no-reply@coreboot.org Reviewed-by: HAOUAS Elyes ehaouas@noos.fr Reviewed-by: Angel Pons th3fanbus@gmail.com --- M src/northbridge/intel/nehalem/raminit.c 1 file changed, 2 insertions(+), 0 deletions(-)
Approvals: build bot (Jenkins): Verified HAOUAS Elyes: Looks good to me, but someone else must approve Angel Pons: Looks good to me, approved
diff --git a/src/northbridge/intel/nehalem/raminit.c b/src/northbridge/intel/nehalem/raminit.c index b4ff85c..fadf0e0 100644 --- a/src/northbridge/intel/nehalem/raminit.c +++ b/src/northbridge/intel/nehalem/raminit.c @@ -595,6 +595,8 @@ info-> spd[channel][slot][CAS_LATENCY_TIME]); } + if (cycletime > min_cycletime[0]) + die("RAM init: Decoded SPD DRAM freq is slower than the controller minimum!"); for (clock_speed_index = 0; clock_speed_index < 3; clock_speed_index++) { if (cycletime == min_cycletime[clock_speed_index]) break;