Martin Roth (martinroth@google.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/12855

-gerrit

commit 083df88dae36678b23474b0d0a8401e771c35f45 Author: Martin Roth martinroth@google.com Date: Wed Jan 6 21:18:21 2016 -0700

vendorcode/amd/agesa/f15tn: Fix out of bounds read on on memory voltage

I think this has a fairly low likelyhood of happening, but if AGESA can't determine the voltage of the memory, it assignes a value of 255 to the variable that it later uses to read from an 3-value array. There is an assert, but that doesn't halt AGESA, so it would use some random value. If the voltage can't be determined, fall back to 1.5v as the default value.

Fixes coverity warning 1294803 - Out-of-bounds read

Change-Id: Ib9e568175edbdf55a7a4c35055da7169ea7f2ede Signed-off-by: Martin Roth martinroth@google.com --- src/vendorcode/amd/agesa/f15tn/Proc/Mem/Ps/mpmaxfreq.c | 2 ++ 1 file changed, 2 insertions(+)

diff --git a/src/vendorcode/amd/agesa/f15tn/Proc/Mem/Ps/mpmaxfreq.c b/src/vendorcode/amd/agesa/f15tn/Proc/Mem/Ps/mpmaxfreq.c index a9fc1dc..76d7e51 100644 --- a/src/vendorcode/amd/agesa/f15tn/Proc/Mem/Ps/mpmaxfreq.c +++ b/src/vendorcode/amd/agesa/f15tn/Proc/Mem/Ps/mpmaxfreq.c @@ -286,6 +286,8 @@ MemPGetMaxFreqSupported ( IDS_HDT_CONSOLE (MEM_FLOW, "\n"); } ASSERT (DDR3Voltage <= VOLT1_25_ENCODED_VAL); + if (DDR3Voltage > VOLT1_25_ENCODED_VAL) + DDR3Voltage = VOLT1_5_ENCODED_VAL; // if unknown, fall back to 1.5v MaxFreqSupported = SpeedArray[DDR3Voltage]; }