Attention is currently required from: Ed Sharma, Johnny Lin, Jonathan Zhang, Paul Menzel.

Martin Roth has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/68637?usp=email )

Change subject: commonlib/fsp_relocate: Fix Coverity Issues ......................................................................

Patch Set 4:

(2 comments)

File src/commonlib/fsp_relocate.c:

https://review.coreboot.org/c/coreboot/+/68637/comment/026df7c5_cc166dee : PS4, Line 230: offset_limit = roffset + rsize;

Fixes issue reported as below: […]

As with below, this doesn't fix the problem that the roffset and rsize are not sanity checked before using them.

https://review.coreboot.org/c/coreboot/+/68637/comment/ff102579_ef2a815f : PS4, Line 258: ptr = &pe_base[aoff];

Fixes the below reported Coverity issue. […]

This doesn't verify the value though, so while it may get around the coverity warning, it doesn't "fix" it.

To fix the problem, you need to make sure that aoff is a reasonable value before using it as the offset.