diff options
author | Ryan Salsamendi <rsalsamendi@hotmail.com> | 2017-06-11 18:50:32 -0700 |
---|---|---|
committer | Martin Roth <martinroth@google.com> | 2017-06-20 03:15:48 +0200 |
commit | 1b5eda02332db0182b282a2afc960d6899c0b31a (patch) | |
tree | b439a5c16f04a87a36a139c93d2a6ae75acbddc5 | |
parent | f511c1f11895397606be103823fd3a33c6e92811 (diff) | |
download | coreboot-1b5eda02332db0182b282a2afc960d6899c0b31a.tar.xz |
arch/x86/smbios: Fix undefined behavior
Fixes report found by undefined behavior sanitizer. Dereferencing a
pointer that's not aligned to the size of access is undefined behavior.
The report triggered for smbios_cpu_vendor(). Also fixes the same issue
in smbios_processor_name() found by inspection.
Change-Id: I1b7d08655edce729e107a5b6e61ee509ebde33b6
Signed-off-by: Ryan Salsamendi <rsalsamendi@hotmail.com>
Reviewed-on: https://review.coreboot.org/20154
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Reviewed-by: Nico Huber <nico.h@gmx.de>
Reviewed-by: Aaron Durbin <adurbin@chromium.org>
Reviewed-by: Philippe Mathieu-Daudé <philippe.mathieu.daude@gmail.com>
-rw-r--r-- | src/arch/x86/smbios.c | 44 |
1 files changed, 21 insertions, 23 deletions
diff --git a/src/arch/x86/smbios.c b/src/arch/x86/smbios.c index 0909900ca7..2bbf3c9a20 100644 --- a/src/arch/x86/smbios.c +++ b/src/arch/x86/smbios.c @@ -86,42 +86,40 @@ int smbios_string_table_len(char *start) static int smbios_cpu_vendor(char *start) { - char tmp[13] = "Unknown"; - u32 *_tmp = (u32 *)tmp; - struct cpuid_result res; - if (cpu_have_cpuid()) { - res = cpuid(0); - _tmp[0] = res.ebx; - _tmp[1] = res.edx; - _tmp[2] = res.ecx; - tmp[12] = '\0'; + u32 tmp[4]; + const struct cpuid_result res = cpuid(0); + tmp[0] = res.ebx; + tmp[1] = res.edx; + tmp[2] = res.ecx; + tmp[3] = 0; + return smbios_add_string(start, (const char *)tmp); + } else { + return smbios_add_string(start, "Unknown"); } - - return smbios_add_string(start, tmp); } static int smbios_processor_name(char *start) { - char tmp[49] = "Unknown Processor Name"; - u32 *_tmp = (u32 *)tmp; - struct cpuid_result res; - int i; - + const char *str = "Unknown Processor Name"; if (cpu_have_cpuid()) { - res = cpuid(0x80000000); + int i; + struct cpuid_result res = cpuid(0x80000000); if (res.eax >= 0x80000004) { + u32 tmp[13]; + int j = 0; for (i = 0; i < 3; i++) { res = cpuid(0x80000002 + i); - _tmp[i * 4 + 0] = res.eax; - _tmp[i * 4 + 1] = res.ebx; - _tmp[i * 4 + 2] = res.ecx; - _tmp[i * 4 + 3] = res.edx; + tmp[j++] = res.eax; + tmp[j++] = res.ebx; + tmp[j++] = res.ecx; + tmp[j++] = res.edx; } - tmp[48] = 0; + tmp[12] = 0; + str = (const char *)tmp; } } - return smbios_add_string(start, tmp); + return smbios_add_string(start, str); } /* this function will fill the corresponding manufacturer */ |