From: Ranbir Singh
To: devel@edk2.groups.io
Cc: Chasel Chiu, Nate DeSimone, Star Zeng, Ranbir Singh
Subject: [PATCH 1/1] IntelFsp2Pkg/Library/BaseFspCommonLib: Fix OVERRUN Coverity issue
Date: Thu, 18 May 2023 11:58:51 +0530
Message-Id: <20230518062851.184724-1-rsingh@ventanamicro.com>
X-Mailer: git-send-email 2.34.1
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

FspData->PerfIdx is getting increased for every call unconditionally
in the function SetFspMeasurePoint and hence memory access can happen
for out of bound FspData->PerfData[] array entries also.

Example -
FspData->PerfData is an array of 32 UINT64 entries. Assume a call
is made to SetFspMeasurePoint function when the FspData->PerfIdx
last value is 31. It gets incremented to 32 at line 400.
Any subsequent call to SetFspMeasurePoint function leads to
FspData->PerfData[32] getting accessed which is out of the PerfData
array as well as the FSP_GLOBAL_DATA structure boundary.

Hence keep array access and index increment inside if block only
and return invalid performance timestamp when PerfIdx is invalid.

Cc: Chasel Chiu
Cc: Nate DeSimone
Cc: Star Zeng
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4200
Signed-off-by: Ranbir Singh
Signed-off-by: Ranbir Singh
---
 IntelFsp2Pkg/Library/BaseFspCommonLib/FspCommonLib.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/IntelFsp2Pkg/Library/BaseFspCommonLib/FspCommonLib.c b/IntelFs= p2Pkg/Library/BaseFspCommonLib/FspCommonLib.c index a22b0e7825ad..cda2a7b2478e 100644 --- a/IntelFsp2Pkg/Library/BaseFspCommonLib/FspCommonLib.c +++ b/IntelFsp2Pkg/Library/BaseFspCommonLib/FspCommonLib.c @@ -377,7 +377,8 @@ GetFspSiliconInitUpdDataPointer ( =0D @param[in] Id Measurement point ID.=0D =0D - @return performance timestamp.=0D + @return performance timestamp if current PerfIdx is valid,=0D + else return 0 as invalid performance timestamp=0D **/=0D UINT64=0D EFIAPI=0D @@ -395,9 +396,10 @@ SetFspMeasurePoint ( if (FspData->PerfIdx < sizeof (FspData->PerfData) / sizeof (FspData->Per= fData[0])) {=0D FspData->PerfData[FspData->PerfIdx] =3D AsmReadTsc ()= ;=0D ((UINT8 *)(&FspData->PerfData[FspData->PerfIdx]))[7] =3D Id;=0D + return FspData->PerfData[(FspData->PerfIdx)++];=0D }=0D =0D - return FspData->PerfData[(FspData->PerfIdx)++];=0D + return (UINT64)0x0000000000000000;=0D }=0D =0D /**=0D --=20 2.34.1
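
Review bot: the new @return text in the first hunk says 0 is returned when PerfIdx is not valid, but it does not say what "valid" means or that the measurement point is not recorded in that case. Consider wording it against the bound the code checks, for example "0 if PerfData is already full and no measurement was stored", so a caller reading only the header comment knows that a 0 return means the Id and timestamp were dropped.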
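
Review bot: in the second hunk the full-buffer path of SetFspMeasurePoint ends in `return (UINT64)0x0000000000000000;`, which makes the overflow silent to any caller that ignores the return value. A debug message or assertion on that path would make a dropped measurement point visible during bring-up. The cast and the sixteen-digit literal add nothing for a UINT64 return type, so a plain `return 0;` reads better. Moving `return FspData->PerfData[(FspData->PerfIdx)++];` inside the bounds check does stop both the out-of-range read and the unbounded growth of PerfIdx, so the index now stays at the array length once the buffer is full.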