[coreboot-gerrit] Patch set updated for coreboot: soc/intel/skylake: fix memory access beyond array bounds

Rizwan Qureshi (rizwan.qureshi@intel.com) gerrit at coreboot.org
Tue Nov 8 17:39:08 CET 2016


Rizwan Qureshi (rizwan.qureshi at intel.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/17292

-gerrit

commit 618700263e1cbebe16eae0314163c03447d80560
Author: Rizwan Qureshi <rizwan.qureshi at intel.com>
Date:   Tue Nov 8 21:01:09 2016 +0530

    soc/intel/skylake: fix memory access beyond array bounds
    
    chip.h has a config array PcieRpClkReqNumber which corresponds
    to a FSP UPD parameter, the size is currently set to 20.
    However the size of PcieRpClkReqNumber UPD in FSP2.0 is 24,
    so memcpy (config buffer to UPD buffer) in chip_fsp20.c will read
    beyond the bounds of config array.
    Hence set the size of PcieRpClkReqNumber array based on the FSP in use.
    
    Found-by: Coverity Scan #1365385, #1365386
    
    Change-Id: I937f68ef33f218cd7f9ba5cf3baaec162bca3fc8
    Signed-off-by: Rizwan Qureshi <rizwan.qureshi at intel.com>
---
 src/soc/intel/skylake/Kconfig | 5 +++++
 src/soc/intel/skylake/chip.h  | 6 +++---
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/soc/intel/skylake/Kconfig b/src/soc/intel/skylake/Kconfig
index 7591d66..1960a9a 100644
--- a/src/soc/intel/skylake/Kconfig
+++ b/src/soc/intel/skylake/Kconfig
@@ -239,4 +239,9 @@ config SPI_FLASH_INCLUDE_ALL_DRIVERS
 	bool
 	default n
 
+config MAX_ROOT_PORTS
+	int
+	default 24 if PLATFORM_USES_FSP2_0
+	default 20 if PLATFORM_USES_FSP1_1
+
 endif
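
Review bot: MAX_ROOT_PORTS is added without help text and without a default for the case where neither PLATFORM_USES_FSP2_0 nor PLATFORM_USES_FSP1_1 is set, so the array sizes in chip.h then depend on whatever Kconfig produces for an int with no default. Please add a short help line stating that the value must equal the number of root-port entries in the FSP UPD arrays, and either add an unconditional fallback default or make the dependency on one of the two FSP options explicit. The name is also very general for a symbol defined in the Skylake Kconfig; a comment noting that it is SoC-specific would help.
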
diff --git a/src/soc/intel/skylake/chip.h b/src/soc/intel/skylake/chip.h
index 5a4e85b..207c360 100644
--- a/src/soc/intel/skylake/chip.h
+++ b/src/soc/intel/skylake/chip.h
@@ -161,9 +161,9 @@ struct soc_intel_skylake_config {
 	u8 EnableTraceHub;
 
 	/* Pcie Root Ports */
-	u8 PcieRpEnable[20];
-	u8 PcieRpClkReqSupport[20];
-	u8 PcieRpClkReqNumber[20];
+	u8 PcieRpEnable[CONFIG_MAX_ROOT_PORTS];
+	u8 PcieRpClkReqSupport[CONFIG_MAX_ROOT_PORTS];
+	u8 PcieRpClkReqNumber[CONFIG_MAX_ROOT_PORTS];
 
 	/* USB related */
 	struct usb2_port_config usb2_ports[16];
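
Review bot: Nothing in chip.h ties CONFIG_MAX_ROOT_PORTS to the actual size of the UPD arrays, so the out-of-bounds read described in the commit message can come back if the FSP headers change the array size again. Consider a compile-time size check next to the memcpy in chip_fsp20.c that compares the sizeof of the config array with the sizeof of the UPD destination, or bound the copy length by the smaller of the two. The commit message also names only PcieRpClkReqNumber, while this hunk resizes PcieRpEnable and PcieRpClkReqSupport as well; please mention all three, and confirm that the entries beyond index 19, which existing devicetree settings leave unset, have the intended default for FSP2.0.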


