From 1b5eda02332db0182b282a2afc960d6899c0b31a Mon Sep 17 00:00:00 2001 From: Ryan Salsamendi Date: Sun, 11 Jun 2017 18:50:32 -0700 Subject: arch/x86/smbios: Fix undefined behavior MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes report found by undefined behavior sanitizer. Dereferencing a pointer that's not aligned to the size of access is undefined behavior. The report triggered for smbios_cpu_vendor(). Also fixes the same issue in smbios_processor_name() found by inspection. Change-Id: I1b7d08655edce729e107a5b6e61ee509ebde33b6 Signed-off-by: Ryan Salsamendi Reviewed-on: https://review.coreboot.org/20154 Tested-by: build bot (Jenkins) Reviewed-by: Nico Huber Reviewed-by: Aaron Durbin Reviewed-by: Philippe Mathieu-Daudé --- src/arch/x86/smbios.c | 44 +++++++++++++++++++++----------------------- 1 file changed, 21 insertions(+), 23 deletions(-) diff --git a/src/arch/x86/smbios.c b/src/arch/x86/smbios.c index 0909900ca7..2bbf3c9a20 100644 --- a/src/arch/x86/smbios.c +++ b/src/arch/x86/smbios.c @@ -86,42 +86,40 @@ int smbios_string_table_len(char *start) static int smbios_cpu_vendor(char *start) { - char tmp[13] = "Unknown"; - u32 *_tmp = (u32 *)tmp; - struct cpuid_result res; - if (cpu_have_cpuid()) { - res = cpuid(0); - _tmp[0] = res.ebx; - _tmp[1] = res.edx; - _tmp[2] = res.ecx; - tmp[12] = '\0'; + u32 tmp[4]; + const struct cpuid_result res = cpuid(0); + tmp[0] = res.ebx; + tmp[1] = res.edx; + tmp[2] = res.ecx; + tmp[3] = 0; + return smbios_add_string(start, (const char *)tmp); + } else { + return smbios_add_string(start, "Unknown"); } - - return smbios_add_string(start, tmp); } static int smbios_processor_name(char *start) { - char tmp[49] = "Unknown Processor Name"; - u32 *_tmp = (u32 *)tmp; - struct cpuid_result res; - int i; - + const char *str = "Unknown Processor Name"; if (cpu_have_cpuid()) { - res = cpuid(0x80000000); + int i; + struct cpuid_result res = cpuid(0x80000000); if (res.eax >= 0x80000004) { + u32 tmp[13]; + int j = 0; for (i = 0; i < 3; i++) { res = cpuid(0x80000002 + i); - _tmp[i * 4 + 0] = res.eax; - _tmp[i * 4 + 1] = res.ebx; - _tmp[i * 4 + 2] = res.ecx; - _tmp[i * 4 + 3] = res.edx; + tmp[j++] = res.eax; + tmp[j++] = res.ebx; + tmp[j++] = res.ecx; + tmp[j++] = res.edx; } - tmp[48] = 0; + tmp[12] = 0; + str = (const char *)tmp; } } - return smbios_add_string(start, tmp); + return smbios_add_string(start, str); } /* this function will fill the corresponding manufacturer */ -- cgit v1.2.3