[coreboot-gerrit] New patch to review for coreboot: de3e51b amd/agesa/f1?/Lib/amdlib.c: Integer overflow in loop construct

Edward O'Callaghan (eocallaghan@alterapraxis.com) gerrit at coreboot.org
Wed May 21 19:54:35 CEST 2014


Edward O'Callaghan (eocallaghan at alterapraxis.com) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/5801

-gerrit

commit de3e51b1c20aafb5f764156892fe58323fa416b1
Author: Edward O'Callaghan <eocallaghan at alterapraxis.com>
Date:   Thu May 22 03:36:22 2014 +1000

    amd/agesa/f1?/Lib/amdlib.c: Integer overflow in loop construct
    
    The semantics of this loop relies on an integer overflow in Index >=0
    that implies a return value of (UINT8)-1 which around wraps to 0xFF, or
    VOLT_UNSUPPORTED.
    
    Change-Id: I44d68973d0a80093350b2a8a4d3b46bfbb57917a
    Signed-off-by: Edward O'Callaghan <eocallaghan at alterapraxis.com>
---
 src/vendorcode/amd/agesa/f10/Lib/amdlib.c   | 6 +++---
 src/vendorcode/amd/agesa/f12/Lib/amdlib.c   | 6 +++---
 src/vendorcode/amd/agesa/f14/Lib/amdlib.c   | 6 +++---
 src/vendorcode/amd/agesa/f15/Lib/amdlib.c   | 6 +++---
 src/vendorcode/amd/agesa/f15tn/Lib/amdlib.c | 6 +++---
 5 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/src/vendorcode/amd/agesa/f10/Lib/amdlib.c b/src/vendorcode/amd/agesa/f10/Lib/amdlib.c
index d88eee7..83e6a00 100644
--- a/src/vendorcode/amd/agesa/f10/Lib/amdlib.c
+++ b/src/vendorcode/amd/agesa/f10/Lib/amdlib.c
@@ -344,11 +344,11 @@ LibAmdBitScanReverse (
   IN       UINT32 value
 )
 {
-  UINTN Index;
+  UINT8 Index;
   for (Index = 31; Index >= 0; Index--){
-      if (value & (1 << Index)) break;
+      if (value & (1 << Index)) return Index;
   }
-  return (UINT8) Index;
+  return 0xFF;
 }
 VOID
 LibAmdMsrRead (
diff --git a/src/vendorcode/amd/agesa/f12/Lib/amdlib.c b/src/vendorcode/amd/agesa/f12/Lib/amdlib.c
index cb8f695..f88eb98 100644
--- a/src/vendorcode/amd/agesa/f12/Lib/amdlib.c
+++ b/src/vendorcode/amd/agesa/f12/Lib/amdlib.c
@@ -348,11 +348,11 @@ LibAmdBitScanReverse (
   IN       UINT32 value
 )
 {
-  UINTN Index;
+  UINT8 Index;
   for (Index = 31; Index >= 0; Index--){
-      if (value & (1 << Index)) break;
+      if (value & (1 << Index)) return Index;
   }
-  return (UINT8) Index;
+  return 0xFF;
 }
 VOID
 LibAmdMsrRead (
diff --git a/src/vendorcode/amd/agesa/f14/Lib/amdlib.c b/src/vendorcode/amd/agesa/f14/Lib/amdlib.c
index 31b3f1e..c1fa494 100644
--- a/src/vendorcode/amd/agesa/f14/Lib/amdlib.c
+++ b/src/vendorcode/amd/agesa/f14/Lib/amdlib.c
@@ -348,11 +348,11 @@ LibAmdBitScanReverse (
   IN       UINT32 value
 )
 {
-  UINTN Index;
+  UINT8 Index;
   for (Index = 31; Index >= 0; Index--){
-      if (value & (1 << Index)) break;
+      if (value & (1 << Index)) return Index;
   }
-  return (UINT8) Index;
+  return 0xFF;
 }
 VOID
 LibAmdMsrRead (
diff --git a/src/vendorcode/amd/agesa/f15/Lib/amdlib.c b/src/vendorcode/amd/agesa/f15/Lib/amdlib.c
index e51a971..1180ad2 100644
--- a/src/vendorcode/amd/agesa/f15/Lib/amdlib.c
+++ b/src/vendorcode/amd/agesa/f15/Lib/amdlib.c
@@ -348,11 +348,11 @@ LibAmdBitScanReverse (
   IN       UINT32 value
 )
 {
-  UINTN Index;
+  UINT8 Index;
   for (Index = 31; Index >= 0; Index--){
-      if (value & (1 << Index)) break;
+      if (value & (1 << Index)) return Index;
   }
-  return (UINT8) Index;
+  return 0xFF;
 }
 
 UINT64
diff --git a/src/vendorcode/amd/agesa/f15tn/Lib/amdlib.c b/src/vendorcode/amd/agesa/f15tn/Lib/amdlib.c
index 55adc8a..9646e6d 100644
--- a/src/vendorcode/amd/agesa/f15tn/Lib/amdlib.c
+++ b/src/vendorcode/amd/agesa/f15tn/Lib/amdlib.c
@@ -359,11 +359,11 @@ LibAmdBitScanReverse (
   IN       UINT32 value
 )
 {
-  UINTN Index;
+  UINT8 Index;
   for (Index = 31; Index >= 0; Index--){
-      if (value & (1 << Index)) break;
+      if (value & (1 << Index)) return Index;
   }
-  return (UINT8) Index;
+  return 0xFF;
 }
 VOID
 LibAmdMsrRead (



More information about the coreboot-gerrit mailing list