diff options
author | Joe Moore <awokd@danwin1210.me> | 2020-01-01 16:11:03 -0700 |
---|---|---|
committer | Nico Huber <nico.h@gmx.de> | 2020-01-10 14:56:02 +0000 |
commit | bf224f85d01f8f902303072bc1b5875ea410eee5 (patch) | |
tree | 2173eb0b749f0b06bdcef8e743ba3087ea81c802 /src/vendorcode/amd | |
parent | 7f996244a923dad58f72b849c565367fbd641632 (diff) | |
download | coreboot-bf224f85d01f8f902303072bc1b5875ea410eee5.tar.xz |
vc/amd/agesa/f16kb/Proc/GNB: Fix out-of-bounds read
Incorrect values read from a different memory region will cause
incorrect computations. VceFlags array size should be 4 based on
similar code in f15 branch, and because
f16kb/Proc/GNB/Modules/GnbInitKB/GnbF1TableKB.c only loads
4 values for VceFlags in DefaultPpF1ArrayKB. Leaving it at 5
results in an out-of-bounds read of PP_FUSE_ARRAY_V2_fld16
in line 901 of
f16kb/Proc/GNB/Modules/GnbGfxIntTableV3/GfxPwrPlayTable.c
when Index reaches 4.
Change-Id: I0242c0634e66616018e6df04ac6f1505b82a630f
Signed-off-by: Joe Moore <awokd@danwin1210.me>
Found-by: Coverity CID 1241878
Reviewed-on: https://review.coreboot.org/c/coreboot/+/38056
Reviewed-by: Paul Menzel <paulepanter@users.sourceforge.net>
Reviewed-by: Mike Banon <mikebdp2@gmail.com>
Tested-by: build bot (Jenkins) <no-reply@coreboot.org>
Diffstat (limited to 'src/vendorcode/amd')
-rw-r--r-- | src/vendorcode/amd/agesa/f16kb/Proc/GNB/Common/GnbF1Table.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Common/GnbF1Table.h b/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Common/GnbF1Table.h index add550924b..90df07c3f3 100644 --- a/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Common/GnbF1Table.h +++ b/src/vendorcode/amd/agesa/f16kb/Proc/GNB/Common/GnbF1Table.h @@ -66,7 +66,7 @@ typedef struct { UINT32 PP_FUSE_ARRAY_V2_fld11; UINT32 PP_FUSE_ARRAY_V2_fld12; BOOLEAN PP_FUSE_ARRAY_V2_fld13; - UINT8 VceFlags[5]; ///< VCE Flags + UINT8 VceFlags[4]; ///< VCE Flags UINT8 VceMclk; ///< MCLK for VCE UINT8 PP_FUSE_ARRAY_V2_fld16[4]; UINT8 EclkDid[5]; ///< Eclk DID |