diff options
author | Edward O'Callaghan <eocallaghan@alterapraxis.com> | 2014-08-03 23:38:17 +1000 |
---|---|---|
committer | Edward O'Callaghan <eocallaghan@alterapraxis.com> | 2014-08-04 14:01:52 +0200 |
commit | 2b48b65b1980c4edb6391e4ccf6b1bd8313be944 (patch) | |
tree | 11fc4127f93ef4ed4d4c6c407adade6cf641a27d /src | |
parent | 5cfef13f8d13b378f72b61ba3e4d7eee065f6d26 (diff) | |
download | coreboot-2b48b65b1980c4edb6391e4ccf6b1bd8313be944.tar.xz |
northbridge/intel: Out of bounds write to array in gma.h
The signature[] array in the mailbox struct opregion_header_t has
IGD_OPREGION_SIGNATURE written to it with a
sizeof(IGD_OPREGION_SIGNATURE) and not a sizeof(signature[]). This
resulted in a silent off-by-one out of bounds illegal write.
Change-Id: I651620a753c743dd2ed2af51c012c27c14a5ea25
Found-by: Coverity Scan
Signed-off-by: Edward O'Callaghan <eocallaghan@alterapraxis.com>
Reviewed-on: http://review.coreboot.org/6473
Tested-by: build bot (Jenkins)
Reviewed-by: Patrick Georgi <patrick@georgi-clan.de>
Diffstat (limited to 'src')
-rw-r--r-- | src/northbridge/intel/fsp_sandybridge/acpi.c | 2 | ||||
-rw-r--r-- | src/northbridge/intel/haswell/acpi.c | 2 | ||||
-rw-r--r-- | src/northbridge/intel/nehalem/acpi.c | 2 | ||||
-rw-r--r-- | src/northbridge/intel/sandybridge/acpi.c | 2 |
4 files changed, 4 insertions, 4 deletions
diff --git a/src/northbridge/intel/fsp_sandybridge/acpi.c b/src/northbridge/intel/fsp_sandybridge/acpi.c index 3e47ed428b..faef4d71f9 100644 --- a/src/northbridge/intel/fsp_sandybridge/acpi.c +++ b/src/northbridge/intel/fsp_sandybridge/acpi.c @@ -142,7 +142,7 @@ int init_igd_opregion(igd_opregion_t *opregion) // FIXME if IGD is disabled, we should exit here. memcpy(&opregion->header.signature, IGD_OPREGION_SIGNATURE, - sizeof(IGD_OPREGION_SIGNATURE)); + sizeof(opregion->header.signature)); /* 8kb */ opregion->header.size = sizeof(igd_opregion_t) / 1024; diff --git a/src/northbridge/intel/haswell/acpi.c b/src/northbridge/intel/haswell/acpi.c index 964a9d3b5f..b2fab11e58 100644 --- a/src/northbridge/intel/haswell/acpi.c +++ b/src/northbridge/intel/haswell/acpi.c @@ -140,7 +140,7 @@ int init_igd_opregion(igd_opregion_t *opregion) // FIXME if IGD is disabled, we should exit here. memcpy(&opregion->header.signature, IGD_OPREGION_SIGNATURE, - sizeof(IGD_OPREGION_SIGNATURE)); + sizeof(opregion->header.signature)); /* 8kb */ opregion->header.size = sizeof(igd_opregion_t) / 1024; diff --git a/src/northbridge/intel/nehalem/acpi.c b/src/northbridge/intel/nehalem/acpi.c index 077cedaa95..0ede2376e4 100644 --- a/src/northbridge/intel/nehalem/acpi.c +++ b/src/northbridge/intel/nehalem/acpi.c @@ -139,7 +139,7 @@ int init_igd_opregion(igd_opregion_t * opregion) // FIXME if IGD is disabled, we should exit here. memcpy(&opregion->header.signature, IGD_OPREGION_SIGNATURE, - sizeof(IGD_OPREGION_SIGNATURE)); + sizeof(opregion->header.signature)); /* 8kb */ opregion->header.size = sizeof(igd_opregion_t) / 1024; diff --git a/src/northbridge/intel/sandybridge/acpi.c b/src/northbridge/intel/sandybridge/acpi.c index 398cb308f7..58e3b544f5 100644 --- a/src/northbridge/intel/sandybridge/acpi.c +++ b/src/northbridge/intel/sandybridge/acpi.c @@ -142,7 +142,7 @@ int init_igd_opregion(igd_opregion_t *opregion) // FIXME if IGD is disabled, we should exit here. memcpy(&opregion->header.signature, IGD_OPREGION_SIGNATURE, - sizeof(IGD_OPREGION_SIGNATURE)); + sizeof(opregion->header.signature)); /* 8kb */ opregion->header.size = sizeof(igd_opregion_t) / 1024; |