[coreboot-gerrit] New patch to review for coreboot: soc/intel/skylake: Pass an array instead of a uint8

Martin Roth (martinroth@google.com) gerrit at coreboot.org
Fri Nov 18 20:25:45 CET 2016


Martin Roth (martinroth at google.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/17481

-gerrit

commit 548af4d672b97c5d23a23169b7cb9de4e0c0cd61
Author: Martin Roth <martinroth at google.com>
Date:   Fri Nov 18 11:02:25 2016 -0700

    soc/intel/skylake: Pass an array instead of a uint8
    
    The early_spi_read_wpsr() function was passing a pointer to a uint8,
    which ended up being used as an array.  To prevent any possible
    overrun, change it to an array limited to the same size that
    pch_hwseq_read_status() is expecting.
    
    Addresses coverity issue 1349860 - Out-of-bounds access
    
    Change-Id: Ib2a63fe02f5308363d49430ef98b7e74d4543a2b
    Signed-off-by: Martin Roth <martinroth at google.com>
---
 src/soc/intel/skylake/romstage/spi.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/soc/intel/skylake/romstage/spi.c b/src/soc/intel/skylake/romstage/spi.c
index db69cbe..88a1167 100644
--- a/src/soc/intel/skylake/romstage/spi.c
+++ b/src/soc/intel/skylake/romstage/spi.c
@@ -23,7 +23,7 @@
  */
 int early_spi_read_wpsr(u8 *sr)
 {
-	uint8_t rdsr;
+	uint8_t rdsr[SPI_READ_STATUS_LENGTH];
 	int ret = 0;
 
 	spi_init();
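Review bot: In the new declaration `uint8_t rdsr[SPI_READ_STATUS_LENGTH];`, the definition of SPI_READ_STATUS_LENGTH is not part of this diff and no #include is added. Please confirm that spi.c already includes the header that defines it, and that it is the same constant pch_hwseq_read_status() uses as its write bound. A one-line comment on the declaration saying the size must match what pch_hwseq_read_status() fills would help keep the two from drifting apart later.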
@@ -31,12 +31,12 @@ int early_spi_read_wpsr(u8 *sr)
 	/* sending NULL for spiflash struct parameter since we are not
 	 * calling HWSEQ read_status() call via Probe.
 	 */
-	ret = pch_hwseq_read_status(NULL, &rdsr);
+	ret = pch_hwseq_read_status(NULL, rdsr);
 	if (ret) {
 		printk(BIOS_ERR, "SPI rdsr failed\n");
 		return ret;
 	}
-	*sr = rdsr & WPSR_MASK_SRP0_BIT;
+	*sr = rdsr[0] & WPSR_MASK_SRP0_BIT;
 
 	return 0;
 }
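Review bot: The call `pch_hwseq_read_status(NULL, rdsr)` still passes a bare pointer, so the buffer size stays an implicit contract between caller and callee; if the length the callee writes ever changes, this caller can overrun again without a compiler warning. Consider documenting the required buffer length where pch_hwseq_read_status() is declared, or passing the size explicitly. Since only `rdsr[0]` is used for `*sr`, a short comment that the remaining bytes are intentionally ignored would also help.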


