Jacob Garber has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/32125
Change subject: soc/intel/baytrail: Correct array bounds check ......................................................................
soc/intel/baytrail: Correct array bounds check
If `gms == ARRAY_SIZE(gms_size_map)`, then we will have an out of bounds read. Fix the check to exclude this case. This was partially fixed in 04f68c1 (baytrail: fix range check).
Found-by: Coverity Scan, CID 1229677 (OVERRUN) Signed-off-by: Jacob Garber jgarber1@ualberta.ca Change-Id: I8c8cd59df49beea066b46cde3cf00237816aff33 --- M src/soc/intel/baytrail/gfx.c 1 file changed, 1 insertion(+), 1 deletion(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/25/32125/1
diff --git a/src/soc/intel/baytrail/gfx.c b/src/soc/intel/baytrail/gfx.c index 73c0d15..eaec46b 100644 --- a/src/soc/intel/baytrail/gfx.c +++ b/src/soc/intel/baytrail/gfx.c @@ -50,7 +50,7 @@
gms = pci_read_config32(dev, GGC) & GGC_GSM_SIZE_MASK; gms >>= 3; - if (gms > ARRAY_SIZE(gms_size_map)) + if (gms >= ARRAY_SIZE(gms_size_map)) return; gmsize = gms_size_map[gms];