[coreboot-gerrit] New patch to review for coreboot: soc/intel/skylake: Pass an array instead of a uint8
Martin Roth (martinroth@google.com)
gerrit at coreboot.org
Fri Nov 18 20:25:45 CET 2016
Martin Roth (martinroth at google.com) just uploaded a new patch set to gerrit, which you can find at https://review.coreboot.org/17481
-gerrit
commit 548af4d672b97c5d23a23169b7cb9de4e0c0cd61
Author: Martin Roth <martinroth at google.com>
Date: Fri Nov 18 11:02:25 2016 -0700
soc/intel/skylake: Pass an array instead of a uint8
The early_spi_read_wpsr() function was passing a pointer to a uint8,
which ended up being used as an array. To prevent any possible
overrun, change it to an array limited to the same size that
pch_hwseq_read_status() is expecting.
Addresses coverity issue 1349860 - Out-of-bounds access
Change-Id: Ib2a63fe02f5308363d49430ef98b7e74d4543a2b
Signed-off-by: Martin Roth <martinroth at google.com>
---
src/soc/intel/skylake/romstage/spi.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/soc/intel/skylake/romstage/spi.c b/src/soc/intel/skylake/romstage/spi.c
index db69cbe..88a1167 100644
--- a/src/soc/intel/skylake/romstage/spi.c
+++ b/src/soc/intel/skylake/romstage/spi.c
@@ -23,7 +23,7 @@
*/
int early_spi_read_wpsr(u8 *sr)
{
- uint8_t rdsr;
+ uint8_t rdsr[SPI_READ_STATUS_LENGTH];
int ret = 0;
spi_init();
@@ -31,12 +31,12 @@ int early_spi_read_wpsr(u8 *sr)
/* sending NULL for spiflash struct parameter since we are not
* calling HWSEQ read_status() call via Probe.
*/
- ret = pch_hwseq_read_status(NULL, &rdsr);
+ ret = pch_hwseq_read_status(NULL, rdsr);
if (ret) {
printk(BIOS_ERR, "SPI rdsr failed\n");
return ret;
}
- *sr = rdsr & WPSR_MASK_SRP0_BIT;
+ *sr = rdsr[0] & WPSR_MASK_SRP0_BIT;
return 0;
}
More information about the coreboot-gerrit
mailing list