[coreboot-gerrit] New patch to review for coreboot: c15db53 device/dram/ddr3.c: Fix sizeof on array func param overflow
Edward O'Callaghan (eocallaghan@alterapraxis.com)
gerrit at coreboot.org
Fri Nov 7 23:39:39 CET 2014
Edward O'Callaghan (eocallaghan at alterapraxis.com) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/7353
-gerrit
commit c15db53bb3d15be1f739109d2d9137a424d947dd
Author: Edward O'Callaghan <eocallaghan at alterapraxis.com>
Date: Sat Nov 8 09:35:31 2014 +1100
device/dram/ddr3.c: Fix sizeof on array func param overflow
The sizeof on array function parameter will return size of 'u8 *'
instead of 'spd_raw_data' (aka 'u8 [256]' leading to an overflow.
Found-by: Clang
Change-Id: I78e113a640b2953c853eb43bd6874e4694260b1f
Signed-off-by: Edward O'Callaghan <eocallaghan at alterapraxis.com>
---
src/device/dram/ddr3.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/device/dram/ddr3.c b/src/device/dram/ddr3.c
index a43caed..00f2ba9 100644
--- a/src/device/dram/ddr3.c
+++ b/src/device/dram/ddr3.c
@@ -127,7 +127,7 @@ int spd_decode_ddr3(dimm_attr * dimm, spd_raw_data spd)
}
dimm->dram_type = SPD_MEMORY_TYPE_SDRAM_DDR3;
- crc = spd_ddr3_calc_crc(spd, sizeof(spd));
+ crc = spd_ddr3_calc_crc(spd, sizeof(*spd));
/* Compare with the CRC in the SPD */
spd_crc = (spd[127] << 8) + spd[126];
/* Verify the CRC is correct */
More information about the coreboot-gerrit
mailing list