Jacob Garber has uploaded this change for review. ( https://review.coreboot.org/c/coreboot/+/34372 )
Change subject: device/pci_rom.c: Fix out of bounds read ......................................................................
device/pci_rom.c: Fix out of bounds read
run_rom->data is a uint16_t, so use the appropriate read function.
Change-Id: Icc14421412885495df90c90ed7da6e7d2eba4182 Signed-off-by: Jacob Garber jgarber1@ualberta.ca Found-by: Coverity CID 1402145 --- M src/device/pci_rom.c 1 file changed, 1 insertion(+), 1 deletion(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/72/34372/1
diff --git a/src/device/pci_rom.c b/src/device/pci_rom.c index 34a9a81..2b2d46d 100644 --- a/src/device/pci_rom.c +++ b/src/device/pci_rom.c @@ -192,7 +192,7 @@ return NULL;
rom_data = (struct pci_data *)((u8 *)run_rom - + read_le32(&run_rom->data)); + + read_le16(&run_rom->data));
if (read_le32(&rom_data->signature) == PCI_DATA_HDR && read_le16(&rom_data->device) == dev->device
Marshall Dawson has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/34372 )
Change subject: device/pci_rom.c: Fix out of bounds read ......................................................................
Patch Set 1: Code-Review+2
Paul Menzel has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/34372 )
Change subject: device/pci_rom.c: Fix out of bounds read ......................................................................
Patch Set 1: Code-Review+1
Patrick Georgi has submitted this change and it was merged. ( https://review.coreboot.org/c/coreboot/+/34372 )
Change subject: device/pci_rom.c: Fix out of bounds read ......................................................................
device/pci_rom.c: Fix out of bounds read
run_rom->data is a uint16_t, so use the appropriate read function.
Change-Id: Icc14421412885495df90c90ed7da6e7d2eba4182 Signed-off-by: Jacob Garber jgarber1@ualberta.ca Found-by: Coverity CID 1402145 Reviewed-on: https://review.coreboot.org/c/coreboot/+/34372 Reviewed-by: Marshall Dawson marshalldawson3rd@gmail.com Reviewed-by: Paul Menzel paulepanter@users.sourceforge.net Tested-by: build bot (Jenkins) no-reply@coreboot.org --- M src/device/pci_rom.c 1 file changed, 1 insertion(+), 1 deletion(-)
Approvals: build bot (Jenkins): Verified Paul Menzel: Looks good to me, but someone else must approve Marshall Dawson: Looks good to me, approved
diff --git a/src/device/pci_rom.c b/src/device/pci_rom.c index 34a9a81..2b2d46d 100644 --- a/src/device/pci_rom.c +++ b/src/device/pci_rom.c @@ -192,7 +192,7 @@ return NULL;
rom_data = (struct pci_data *)((u8 *)run_rom - + read_le32(&run_rom->data)); + + read_le16(&run_rom->data));
if (read_le32(&rom_data->signature) == PCI_DATA_HDR && read_le16(&rom_data->device) == dev->device
-
Jacob Garber (Code Review) -
Marshall Dawson (Code Review)
-
Patrick Georgi (Code Review)
-
Paul Menzel (Code Review)