[coreboot-gerrit] Patch set updated for coreboot: f2e2def northbridge/intel: Out of bounds write to array in gma.h
Edward O'Callaghan (eocallaghan@alterapraxis.com)
gerrit at coreboot.org
Sun Aug 3 12:42:14 CEST 2014
Edward O'Callaghan (eocallaghan at alterapraxis.com) just uploaded a new patch set to gerrit, which you can find at http://review.coreboot.org/6473
-gerrit
commit f2e2defadca00617d727a2bf07b23edb83431c30
Author: Edward O'Callaghan <eocallaghan at alterapraxis.com>
Date: Sun Aug 3 18:49:46 2014 +1000
northbridge/intel: Out of bounds write to array in gma.h
The signature[] array in the mailboxe struct opregion_header_t has
IGD_OPREGION_SIGNATURE written to it with a
sizeof(IGD_OPREGION_SIGNATURE) and not a sizeof(signature[]). This
resulted in a silent off-by-one out of bounds illegal write.
Change-Id: I651620a753c743dd2ed2af51c012c27c14a5ea25
Found-by: Coverity Scan
Signed-off-by: Edward O'Callaghan <eocallaghan at alterapraxis.com>
---
src/northbridge/intel/fsp_sandybridge/gma.h | 2 +-
src/northbridge/intel/haswell/gma.h | 2 +-
src/northbridge/intel/nehalem/gma.h | 2 +-
src/northbridge/intel/sandybridge/gma.h | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/northbridge/intel/fsp_sandybridge/gma.h b/src/northbridge/intel/fsp_sandybridge/gma.h
index cdf5d91..5e0acf3 100644
--- a/src/northbridge/intel/fsp_sandybridge/gma.h
+++ b/src/northbridge/intel/fsp_sandybridge/gma.h
@@ -19,7 +19,7 @@
/* mailbox 0: header */
typedef struct {
- u8 signature[16];
+ u8 signature[17];
u32 size;
u32 version;
u8 sbios_version[32];
diff --git a/src/northbridge/intel/haswell/gma.h b/src/northbridge/intel/haswell/gma.h
index 29281ba..b885d27 100644
--- a/src/northbridge/intel/haswell/gma.h
+++ b/src/northbridge/intel/haswell/gma.h
@@ -19,7 +19,7 @@
/* mailbox 0: header */
typedef struct {
- u8 signature[16];
+ u8 signature[17];
u32 size;
u32 version;
u8 sbios_version[32];
diff --git a/src/northbridge/intel/nehalem/gma.h b/src/northbridge/intel/nehalem/gma.h
index fdea85a..e3f6012 100644
--- a/src/northbridge/intel/nehalem/gma.h
+++ b/src/northbridge/intel/nehalem/gma.h
@@ -23,7 +23,7 @@
/* mailbox 0: header */
typedef struct {
- u8 signature[16];
+ u8 signature[17];
u32 size;
u32 version;
u8 sbios_version[32];
diff --git a/src/northbridge/intel/sandybridge/gma.h b/src/northbridge/intel/sandybridge/gma.h
index bc5d986..34bd643 100644
--- a/src/northbridge/intel/sandybridge/gma.h
+++ b/src/northbridge/intel/sandybridge/gma.h
@@ -19,7 +19,7 @@
/* mailbox 0: header */
typedef struct {
- u8 signature[16];
+ u8 signature[17];
u32 size;
u32 version;
u8 sbios_version[32];
More information about the coreboot-gerrit
mailing list