From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail-pf1-f195.google.com (mail-pf1-f195.google.com [209.85.210.195])
 by mx.groups.io with SMTP id smtpd.web10.11004.1684391335691335914
 for <devel@edk2.groups.io>;
 Wed, 17 May 2023 23:28:55 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@ventanamicro.com header.s=google header.b=NSTZJls0;
 spf=pass (domain: ventanamicro.com, ip: 209.85.210.195, mailfrom: rsingh@ventanamicro.com)
Received: by mail-pf1-f195.google.com with SMTP id d2e1a72fcca58-64388cf3263so1187348b3a.3
        for <devel@edk2.groups.io>; Wed, 17 May 2023 23:28:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=ventanamicro.com; s=google; t=1684391335; x=1686983335;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:from:to:cc:subject:date:message-id:reply-to;
        bh=KmPYazd/sEH7zzsADTkXZMGnV9ZZIui1ovQaqL+Lpxk=;
        b=NSTZJls0cDW0IZqYApv5osxVkno7TsaG/OF8pBuDs0TBmezwzbw/dv/cadv7ra13/+
         OzV3umOrHXK0NyAES3UyvDgfrhN4lthHl+1VyFFr0qnRPOlb7p/yJQtIcOqVXH0xZ83h
         b2Z+0iRk3V6slu41LDdehvSXMlD5z8erer65834E6laRsO1xvi/SQrGUz4eERPsQ5MMU
         bhZl9r4QxxXYrMSjH5fQ6AsjvpjmKAJbLrNbcnK49IaNIO+xqZPsU9RXA8i4d2ztEJV9
         pNHqsnUfxG6XGx5PIhr2UFIElfFmUdJ4MOva4RJSgE979xLtOUhGP5xTGu7z9h8jikEE
         6zdw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1684391335; x=1686983335;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=KmPYazd/sEH7zzsADTkXZMGnV9ZZIui1ovQaqL+Lpxk=;
        b=OF/BaOPmLUrZsN7jFSMhW2BD3hISGzoHiFJHqUSlCfZX8thAkgERuwBAppSMW+i3sH
         slr+/iLPMJ+QypPnMnUJlb6Ni3kR5JJ8/KG3hax6ATXEcw/ri2Ya+XJrGLubApsWU3iU
         57RnGMBgdYBCqGUpkVUJgolpy0/bLxgOPvQpFuQqs48BsNzL2cNpyyWf9ywWQAj4jzX5
         14JC18Y/mDsIw2eonjcae+dl56VH9g7BQeWc5wyAWV61gMfdOjX49ShktHwpAoOQbz/V
         lbZW0VZAS2GEIYnys2suYShVJyDu6bcdhdLg4+y3puwm+f1fLOC4QYYJDVLozltRfz/K
         rRmA==
X-Gm-Message-State: AC+VfDxAEQhixTpZMnkLNKWzRfkyxdY2cwkwMXaBniYYxGEmmXokoRLL
	5case7GsLolA6x7WSHyYhi503B68Z9ox42bCXMqUyiPm
X-Google-Smtp-Source: ACHHUZ7TNAmrnAOdS9NDQDrVdzg44V0dZBM34vIJPwswtEubrilSPZQKxF17TbV6vnar+W1wBsnwkg==
X-Received: by 2002:a05:6a00:a82:b0:64c:ae1c:33ac with SMTP id b2-20020a056a000a8200b0064cae1c33acmr3085955pfl.25.1684391335018;
        Wed, 17 May 2023 23:28:55 -0700 (PDT)
Return-Path: <rsingh@ventanamicro.com>
Received: from user-Latitude-5420.. ([106.51.83.242])
        by smtp.gmail.com with ESMTPSA id a28-20020a631a1c000000b0051eff0a70d7sm468960pga.94.2023.05.17.23.28.53
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 17 May 2023 23:28:54 -0700 (PDT)
From: Ranbir Singh <rsingh@ventanamicro.com>
To: devel@edk2.groups.io
Cc: Chasel Chiu <chasel.chiu@intel.com>,
	Nate DeSimone <nathaniel.l.desimone@intel.com>,
	Star Zeng <star.zeng@intel.com>,
	Ranbir Singh <Ranbir.Singh3@Dell.com>
Subject: [PATCH 1/1] IntelFsp2Pkg/Library/BaseFspCommonLib: Fix OVERRUN Coverity issue
Date: Thu, 18 May 2023 11:58:51 +0530
Message-Id: <20230518062851.184724-1-rsingh@ventanamicro.com>
X-Mailer: git-send-email 2.34.1
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

FspData->PerfIdx is getting increased for every call unconditionally
in the function SetFspMeasurePoint and hence memory access can happen
for out of bound FspData->PerfData[] array entries also.

Example -
   FspData->PerfData is an array of 32 UINT64 entries. Assume a call
   is made to SetFspMeasurePoint function when the FspData->PerfIdx
   last value is 31. It gets incremented to 32 at line 400.
   Any subsequent call to SetFspMeasurePoint functions leads to
   FspData->PerfData[32] getting accessed which is out of the PerfData
   array as well as the FSP_GLOBAL_DATA structure boundary.

Hence keep array access and index increment inside if block only and
return invalid performance timestamp when PerfIdx is invalid.

Cc: Chasel Chiu <chasel.chiu@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4200
Signed-off-by: Ranbir Singh <Ranbir.Singh3@Dell.com>
Signed-off-by: Ranbir Singh <rsingh@ventanamicro.com>
---
 IntelFsp2Pkg/Library/BaseFspCommonLib/FspCommonLib.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/IntelFsp2Pkg/Library/BaseFspCommonLib/FspCommonLib.c b/IntelFs=
p2Pkg/Library/BaseFspCommonLib/FspCommonLib.c
index a22b0e7825ad..cda2a7b2478e 100644
--- a/IntelFsp2Pkg/Library/BaseFspCommonLib/FspCommonLib.c
+++ b/IntelFsp2Pkg/Library/BaseFspCommonLib/FspCommonLib.c
@@ -377,7 +377,8 @@ GetFspSiliconInitUpdDataPointer (
 =0D
   @param[in] Id       Measurement point ID.=0D
 =0D
-  @return performance timestamp.=0D
+  @return performance timestamp if current PerfIdx is valid,=0D
+          else return 0 as invalid performance timestamp=0D
 **/=0D
 UINT64=0D
 EFIAPI=0D
@@ -395,9 +396,10 @@ SetFspMeasurePoint (
   if (FspData->PerfIdx < sizeof (FspData->PerfData) / sizeof (FspData->Per=
fData[0])) {=0D
     FspData->PerfData[FspData->PerfIdx]                  =3D AsmReadTsc ()=
;=0D
     ((UINT8 *)(&FspData->PerfData[FspData->PerfIdx]))[7] =3D Id;=0D
+    return FspData->PerfData[(FspData->PerfIdx)++];=0D
   }=0D
 =0D
-  return FspData->PerfData[(FspData->PerfIdx)++];=0D
+  return (UINT64)0x0000000000000000;=0D
 }=0D
 =0D
 /**=0D
--=20
2.34.1