From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by mx.groups.io with SMTP id smtpd.web11.3314.1685424181556096436 for ; Mon, 29 May 2023 22:23:01 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=FSLxVN3m; spf=pass (domain: intel.com, ip: 192.55.52.88, mailfrom: chasel.chiu@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1685424181; x=1716960181; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=0wjGxpESvBkNVic47FlIC3O6bAIkZIVEJTSA5gvuM78=; b=FSLxVN3mO74BiGEKKXBuuw82QEMXloON7iSXK9jOHiOSgur8yA3bLAHN mmIIHQ3ZQswMgN4CBQC0VWEc4ndo+gNtZ/BzjdyEZuosWqlAuKG8omjP9 qcDsnAwTYxQmim+HV3GYYn3UXy/qGs3yAywWBGTz03MEl2NlPMHP7eotP L547Ddoukqiu6+NaZB1ZQDEKUCZdpC2XIGFqJaeyRUHhDx39VHSOd8Su2 +i8dB9pMBBAwjEsDmZq3MsKuIW7qtYWMbXetQI1smL9rdByJR4LMfvoSt shFis63m5honm5iEqWK3J2YsTyLMOuQSAgzxs8LELEkT3XfbaMLEOyowu g==; X-IronPort-AV: E=McAfee;i="6600,9927,10725"; a="383075095" X-IronPort-AV: E=Sophos;i="6.00,203,1681196400"; d="scan'208";a="383075095" Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga101.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 May 2023 22:23:00 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10725"; a="776159677" X-IronPort-AV: E=Sophos;i="6.00,203,1681196400"; d="scan'208";a="776159677" Received: from orsmsx601.amr.corp.intel.com ([10.22.229.14]) by fmsmga004.fm.intel.com with ESMTP; 29 May 2023 22:23:00 -0700 Received: from orsmsx612.amr.corp.intel.com (10.22.229.25) by ORSMSX601.amr.corp.intel.com (10.22.229.14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.23; Mon, 29 May 2023 22:23:00 -0700 Received: from orsmsx610.amr.corp.intel.com (10.22.229.23) by ORSMSX612.amr.corp.intel.com (10.22.229.25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.23; Mon, 29 May 2023 22:22:59 -0700 Received: from orsedg603.ED.cps.intel.com (10.7.248.4) by orsmsx610.amr.corp.intel.com (10.22.229.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.23 via Frontend Transport; Mon, 29 May 2023 22:22:59 -0700 Received: from NAM04-BN8-obe.outbound.protection.outlook.com (104.47.74.42) by edgegateway.intel.com (134.134.137.100) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.23; Mon, 29 May 2023 22:22:57 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=FPhFD/BU63EeyX3QAd4WmidzaGN1IVJTxdeAyda3MuBj31RdYgoB3MFmxW5HlnSisvERIqQongLzaoyVRIGvpiJGSJMFH/22axzwoMNV6UTIYgrmaRF+KwRp2Re4c8VuTxvh1JNYjJQv9y5fxw+u8iK3JlddzUcI2UVVIG9RHcqpKEhExzUoSexyZGrKyfItWk2yRS2J3beEnxI5aSDBDLJrNYe/c9ouMWutFSX7BOPHFDTzjoTcSURHcAokcXxa0UcNqrjZGhVEIV5kDKJnIpPPTnq6rEdCnBAmqDLz7HMIwJxgx+TrUW4WPxumaVl8FcIToKWEr4fZg3EHbw9nVg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=tu0nEcvPzo4d7zST8rlXJnT5Ywtvi1YCtBrF9LJuuEs=; b=N5f/guQn0MkdsOn8hAZefGn8pX8rch7gkJeYGZSbCu+Y3lWi5ZLJIbN1/xS+MDdAGngWiiCZzX27IilFTf8h5Iz7h7S5yWF9QTO0h13vwOBi4W1aSxyXQ+d8ynG/Trg6BKLXLZhjxOKeG7mJku2jQFnSVNtxZ7lJtvHWVhI8IcXHxh5N9VC3hWaZzWUQktomI2dizTTLQ3Uol3MbFoFiuEG2lWNALWVruKflm9iyu1Nu760nksj4ULnZdKPz7MKznEay3a1nM/IHUkfJFmDMstaOC4jYFBE+p/X+fol4tTWuesYDDfR4/sTdzTky7WW6j03QrwBW45dlxzOEeAlnOA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from BN9PR11MB5483.namprd11.prod.outlook.com (2603:10b6:408:104::10) by SJ0PR11MB5183.namprd11.prod.outlook.com (2603:10b6:a03:2d9::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6433.23; Tue, 30 May 2023 05:22:55 +0000 Received: from BN9PR11MB5483.namprd11.prod.outlook.com ([fe80::37e4:7a65:b8a7:c4ae]) by BN9PR11MB5483.namprd11.prod.outlook.com ([fe80::37e4:7a65:b8a7:c4ae%5]) with mapi id 15.20.6433.022; Tue, 30 May 2023 05:22:55 +0000 From: "Chiu, Chasel" To: Ranbir Singh , "devel@edk2.groups.io" CC: "Desimone, Nathaniel L" , "Zeng, Star" , Ranbir Singh , Pedro Falcato Subject: Re: [PATCH 1/1] IntelFsp2Pkg/Library/BaseFspCommonLib: Fix OVERRUN Coverity issue Thread-Topic: [PATCH 1/1] IntelFsp2Pkg/Library/BaseFspCommonLib: Fix OVERRUN Coverity issue Thread-Index: AQHZiVILTU4AwpIw30OMcmk2fgY7QK9yWrEg Date: Tue, 30 May 2023 05:22:54 +0000 Message-ID: References: <20230518062851.184724-1-rsingh@ventanamicro.com> In-Reply-To: <20230518062851.184724-1-rsingh@ventanamicro.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: BN9PR11MB5483:EE_|SJ0PR11MB5183:EE_ x-ms-office365-filtering-correlation-id: 0f467ded-fcd2-4367-e22a-08db60cdec31 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 0FcoQ7tHEMGOai3GqJxN8qMtCou1umO0GKoMT8a777HD0KWQtaiHw8J8aIuTVzBMWfyKPJhJWO7hlb+qgnjl4Y7GgiYp2a8gSnlENoaXWwk4d0a9ltGkeRaH5+q8hbNxU8gHcPvuXnJfx1iO2C56u0GNNh+f1zBb+FAaao8Owd5BR+4fKAMZ/RmVon+iLDOMkb3zuXrSu2MIgfk72tvm/Eh5XMS/VHVyPS/X1lxK1Ex16OEK1G5XQdb+Fd3EK0FLc2Al0TFvtITemiRGCH0aGtv+PFvfZgIv4TVk1ZF0cw9G8UjgyVIu5E7tCY8LNkff53Zx+L2knhJ1JUCrIafbld9oban06CYlL6Vp/P6o7pe8/VZva2K/xwk840BBgpPFo518qzHvMCEjVP/4NFc75rSjThH8gEvVXZBM2TdiXgmXCkR6xxzJEYZWq4hY9qjjqHsq3gOGuoh4zFRW8+VmKfnc168KzCERNi0LeNY83CP6RoSYPZrP7mtb93eiPODJptPmLgiEFP/T4ITR4lViKksShDrguPLsnWVbuy1vQf0zdVDjUVWMZERrtZV7pgpEscCKAgxcr2rZGrTduyscCLVdwzaq1Z6lFXZ7c9ABBCMyYb3QFEi/ptKJboUs7JGMNejwQroSJiFRoUjUdfHFlA== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BN9PR11MB5483.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(39860400002)(346002)(136003)(396003)(366004)(376002)(451199021)(26005)(38100700002)(41300700001)(7696005)(966005)(186003)(83380400001)(53546011)(9686003)(6506007)(478600001)(110136005)(54906003)(71200400001)(82960400001)(64756008)(66476007)(66556008)(66946007)(66446008)(76116006)(4326008)(122000001)(55016003)(316002)(52536014)(5660300002)(8676002)(8936002)(2906002)(86362001)(38070700005)(33656002);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?bZzlHZHEBT/1Ignyh5Rk2pQZf/VwFdkRIfnwns4vFzKLDmijBlfWrfmw7kos?= =?us-ascii?Q?Vt6EbYxyIK7iwb9kp1ghUZ56z26fT3Yo/z0z2y3rZIpViDj8weNYhnV9+lFS?= =?us-ascii?Q?0z8QINB/L6VPjyo4K57jb/S9Uj/m3dceo1TX3Z2ypJX//6mahVLJzhJ1ehaI?= =?us-ascii?Q?MMQIH9xBjcgOrnRgpPhV3tpFzaBsG0GcL4sOw2ETg7MW7Ehm/CbMWVrC3NQS?= =?us-ascii?Q?GDzIfpjuehFuCusYPkHfRuDhPPXIhJ6CH/dIn7GzmIxgqEUnVwdU81tm21Lt?= =?us-ascii?Q?tek6gojLDzRRI1q90ceY4GSD/47R/zYwwYHXBxI+c5pVu8/3uDbCnKx2TiOV?= =?us-ascii?Q?JsjiBznrXmjrst4ZuM4ocVTsO4/G8xqBw7wA1DnorGG8LpIreDyRP3r2SQQO?= =?us-ascii?Q?zuaz2D71UGeNpwgPSnd0sUfj9sW7Ib1oo/LPt2oO4gV1qQ5gXzv4bpoT/e8p?= =?us-ascii?Q?818GETzRqtvlHugc+HkMvPQSkXxS5Av23izZtcq7F6NUaXcGEl/U2ab3r+zx?= =?us-ascii?Q?aWAtkYeCBoZScgv1su8htUAxSJ8MrF8WFkbbkdYnZv6KHbM0NCpOcLZY+rEx?= =?us-ascii?Q?tV9tpd0iURMpZpFW/W8MvAvueU58h82H7WIOwKr+0hM4LoY97VR1sL6l1JBJ?= =?us-ascii?Q?MBx605Zr6SL4Njg9g5kRlDm3T5yw7RQPLj5J2eBcVTp4hgB3aik0dX3bnmhN?= =?us-ascii?Q?DSuj33nv58FuzYSTDPKC5uG6qZxue9kksVoJ7wFXgDUJMy2teK681cFTS4V0?= =?us-ascii?Q?aPaXsqeMj9Y/1c0jZiM+VgdjVwfLFQBUgs/224BgG8O3jUNZr4K3bkF194wC?= =?us-ascii?Q?eBxSCPV7ze0ZwwNgFy5mn8q1njJ+N7WcFao0MzFpk2AtU1AyUm7OYFN/BhGd?= =?us-ascii?Q?wN/8SG3EGi4c0zjz4P8YyiKKhsu2IessM670HfI/USyOgn1/FH4TuPVCKfov?= =?us-ascii?Q?IIAw8RalaIdCMKI0w8p9d4kj6q6W2VDV9aeD2mbvc7SxRLL5fJNHeisCO4SO?= =?us-ascii?Q?Cs9WAaG6r9yPDFHtzxRY9yuPqxJKTXRb9DriCX4ETZhEbL9EPaW2/MI0CVmA?= =?us-ascii?Q?z2CeUCFIR7UPTGtprzC8Ss7PQldy4yXlulxh9v/zNup01L79KX2AQteurXYx?= =?us-ascii?Q?qjAe9IU+ayRfHLTQkPj2MwsApHtuK1hI0FyAmIVQdhy9qDw2gds4wKPsc/ee?= =?us-ascii?Q?mYT1hKz32ZbWOMT/OzgjU9r2C9RPINU4MHXWfcKS1XQA0UcQd4YRwdFsnXSg?= =?us-ascii?Q?FFuA68dYZIHz1PjKfLrgRALlL3g/QrIkpQf0YWepX7ZiflELK+98uBjdJcIt?= =?us-ascii?Q?GFpYxkFbBk0GvmSdgFshaj7TmU4IbFURSe1SkbNvXgJCp0gzcwh5H2R2vg2j?= =?us-ascii?Q?KoeHRWEnpNgnDvPFzmQk/6n2WI5Sjf4BG+lI+GzpcMGsqTdmcmvBLXYwiPw2?= =?us-ascii?Q?gq85Nl0FQbOSuKbpEnx4EasLikRhAuuyKhqvb9i9RwyLmV1zYvTn7JbrKHA3?= =?us-ascii?Q?XNN8hG4idlKu+CkMf7MSDVbwZ1iAjZC3hg+6MDitCJbAfgJTYQJpVgkzLROb?= =?us-ascii?Q?sjlS6BfQ/S+Ja5sQJHWuv7goKk7vpayQy1MaiEOi?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: BN9PR11MB5483.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 0f467ded-fcd2-4367-e22a-08db60cdec31 X-MS-Exchange-CrossTenant-originalarrivaltime: 30 May 2023 05:22:54.9758 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: Q8mTCoknSkIOjs/lzWIqMvZvQRIZaOMob0enJva3kDZP9dgVTCVN0Z4Q9EaQ/oO5vbrI8so2ln+Vp0OEaWWUQw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR11MB5183 Return-Path: chasel.chiu@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Patch merged: https://github.com/tianocore/edk2/commit/48c53994e649d51a388dc414944c9a9b71= 7a1c3c Thanks, Chasel > -----Original Message----- > From: Ranbir Singh > Sent: Wednesday, May 17, 2023 11:29 PM > To: devel@edk2.groups.io > Cc: Chiu, Chasel ; Desimone, Nathaniel L > ; Zeng, Star ; Ranbi= r > Singh > Subject: [PATCH 1/1] IntelFsp2Pkg/Library/BaseFspCommonLib: Fix OVERRUN > Coverity issue >=20 > FspData->PerfIdx is getting increased for every call unconditionally > in the function SetFspMeasurePoint and hence memory access can happen for > out of bound FspData->PerfData[] array entries also. >=20 > Example - > FspData->PerfData is an array of 32 UINT64 entries. Assume a call > is made to SetFspMeasurePoint function when the FspData->PerfIdx > last value is 31. It gets incremented to 32 at line 400. > Any subsequent call to SetFspMeasurePoint functions leads to > FspData->PerfData[32] getting accessed which is out of the PerfData > array as well as the FSP_GLOBAL_DATA structure boundary. >=20 > Hence keep array access and index increment inside if block only and retu= rn > invalid performance timestamp when PerfIdx is invalid. >=20 > Cc: Chasel Chiu > Cc: Nate DeSimone > Cc: Star Zeng > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4200 > Signed-off-by: Ranbir Singh > Signed-off-by: Ranbir Singh > --- > IntelFsp2Pkg/Library/BaseFspCommonLib/FspCommonLib.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) >=20 > diff --git a/IntelFsp2Pkg/Library/BaseFspCommonLib/FspCommonLib.c > b/IntelFsp2Pkg/Library/BaseFspCommonLib/FspCommonLib.c > index a22b0e7825ad..cda2a7b2478e 100644 > --- a/IntelFsp2Pkg/Library/BaseFspCommonLib/FspCommonLib.c > +++ b/IntelFsp2Pkg/Library/BaseFspCommonLib/FspCommonLib.c > @@ -377,7 +377,8 @@ GetFspSiliconInitUpdDataPointer ( > @param[in] Id Measurement point ID. - @return performance > timestamp.+ @return performance timestamp if current PerfIdx is valid,+ > else return 0 as invalid performance timestamp **/ UINT64 EFIAPI@@ -395,9 > +396,10 @@ SetFspMeasurePoint ( > if (FspData->PerfIdx < sizeof (FspData->PerfData) / sizeof (FspData- > >PerfData[0])) { FspData->PerfData[FspData->PerfIdx] = =3D > AsmReadTsc (); ((UINT8 *)(&FspData->PerfData[FspData->PerfIdx]))[7] = =3D Id;+ > return FspData->PerfData[(FspData->PerfIdx)++]; } - return FspData- > >PerfData[(FspData->PerfIdx)++];+ return (UINT64)0x0000000000000000; } > /**-- > 2.34.1