From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by mx.groups.io with SMTP id smtpd.web10.2565.1684439753240778096 for ; Thu, 18 May 2023 12:55:53 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=Fb4IuQnR; spf=pass (domain: intel.com, ip: 134.134.136.65, mailfrom: chasel.chiu@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1684439753; x=1715975753; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=TZUz5xFnMfayOau4DjdN44F/ajw/NWI6p8rST0/BhHY=; b=Fb4IuQnR4IbLch3m4i80760j0Vso5qfvEvLBVCj5doj53lA6waeIrdUE AwQr6ugnzvu0HIsI7oywD+OXf/Rhc/uNUcxDecBKpcbsO0uzpt89KmYVI frBCuM645o+r7zfz8B0VPGuhVsSJ/e6OJItffm9is3giZfkn3CY/d063Z /MKfmj/XbDPodh3igMra3L9rE5l9Y9vXwLEbYf9SHufVT6SSjWX3beGBC kyBuRPeR2mZ4Y5eo1I+3/VlJVMNM2yKvISHtznpGMprzfOgzdVPVhyN0I cLFF+tk5dMLTrZn3S4bsBneh96owk1zDTu4G0z3vp3WMdE7uzm3pPw+qI A==; X-IronPort-AV: E=McAfee;i="6600,9927,10714"; a="355396172" X-IronPort-AV: E=Sophos;i="6.00,175,1681196400"; d="scan'208";a="355396172" Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 May 2023 12:55:51 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10714"; a="846620035" X-IronPort-AV: E=Sophos;i="6.00,175,1681196400"; d="scan'208";a="846620035" Received: from fmsmsx603.amr.corp.intel.com ([10.18.126.83]) by fmsmga001.fm.intel.com with ESMTP; 18 May 2023 12:55:51 -0700 Received: from fmsmsx610.amr.corp.intel.com (10.18.126.90) by fmsmsx603.amr.corp.intel.com (10.18.126.83) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.23; Thu, 18 May 2023 12:55:51 -0700 Received: from fmsedg602.ED.cps.intel.com (10.1.192.136) by fmsmsx610.amr.corp.intel.com (10.18.126.90) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.23 via Frontend Transport; Thu, 18 May 2023 12:55:51 -0700 Received: from NAM10-BN7-obe.outbound.protection.outlook.com (104.47.70.105) by edgegateway.intel.com (192.55.55.71) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.23; Thu, 18 May 2023 12:55:50 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=itbMkzhiAXIhH94t/VBQLrcFwvpxzKMbu03/UKr7rtx6w/9Q91o0bQis258hsbNeW137toRMEEHojGJyfhlkm60se/WEl1+yDsBaJUxFiciI4uHFgj4xBY5vRrx9DCSgCyUfbFOa9Jw8sFtG0JmPWUC7FummBfpGVp5JzHXQ6Y+3hBuq7KLp39eEFBO9d2O+K5ZVsZw0MgGjU7jUITB9pOHuNI0fmGJoMrVfOZnhEgc+bg0eYX2ukytIUWspXl696ExqcloTPy+GChX3zkl5zXVFMKR0EGbgnq/4lE5UbD3wvwoli8WRh+PuT0xTDJ0HFqiaaWzuw27Qocc87TCK8Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=L9To9u/r9wMfYbI2ndY2baZWcJmO9MoxC6uLmb8DiiU=; b=cBKBoXRMz4tw9DBLx3bizj7+PV6I2X9CnBD+TJW3O6Rs1sk5J1rwTtt4Q8mwptJ/anziSNvBqpOoBsj9WLDu4b+rOy2YZ7tSguNE6MNBvP+85EZEntcwoVacESY0qeF0ECas+jWnvJvPcQWV7fXC3NUf75m+8WMHrQYhCimmBVB2cq9LQephBUkMZ3RE1lsX/fBk9nDNMjMLHieMy7W0mMl/J6DSOtnb0iV2YpNxvUyerEM1bvH/ZMrU27AjvhjcmbElvSajwEhZKCsMA1LlKmb85xIqiBc3LdJNagH8NvlYqhwge6Z2g1F3MKtPfbKUirF2FfOHfn8pPDFjFeUqUQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from BN9PR11MB5483.namprd11.prod.outlook.com (2603:10b6:408:104::10) by DM6PR11MB4612.namprd11.prod.outlook.com (2603:10b6:5:2a8::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6411.17; Thu, 18 May 2023 19:55:48 +0000 Received: from BN9PR11MB5483.namprd11.prod.outlook.com ([fe80::1eb1:2222:1823:8e7a]) by BN9PR11MB5483.namprd11.prod.outlook.com ([fe80::1eb1:2222:1823:8e7a%5]) with mapi id 15.20.6411.019; Thu, 18 May 2023 19:55:47 +0000 From: "Chiu, Chasel" To: Ranbir Singh , "devel@edk2.groups.io" CC: "Desimone, Nathaniel L" , "Zeng, Star" , Ranbir Singh Subject: Re: [PATCH 1/1] IntelFsp2Pkg/Library/BaseFspCommonLib: Fix OVERRUN Coverity issue Thread-Topic: [PATCH 1/1] IntelFsp2Pkg/Library/BaseFspCommonLib: Fix OVERRUN Coverity issue Thread-Index: AQHZiVILTU4AwpIw30OMcmk2fgY7QK9gclzw Date: Thu, 18 May 2023 19:55:47 +0000 Message-ID: References: <20230518062851.184724-1-rsingh@ventanamicro.com> In-Reply-To: <20230518062851.184724-1-rsingh@ventanamicro.com> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: BN9PR11MB5483:EE_|DM6PR11MB4612:EE_ x-ms-office365-filtering-correlation-id: dd28f50d-64e9-414b-87e0-08db57d9df81 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: PRDbPsoVvTFw7QuGG7diMNHs7oRIA35lYkqkw4Px5itqH2W1ndM9DV9Kttd/9EdEszfFb2YYa8iRnox59SBtaX7Ke3iBsRvtc3nCkQKxjyTgyo5MngW2IVoRrmxypMOOvRmwVMdCEp+KRBxBWcN+Sf14mw0UHwj0ay5eHY8X37J8R9DwM71iNDU8nLjw+DERnr1O2dzxhb2FAlicjFx4v3QWsO7W4hrdMfay1dfizp2dG5qLoLXaUz1YQxp//JtN31wzu+ZxCapQhnWKNQcszMZzAKhehgFbXzvIWNJNLs4z5T72JG/o1EUD0GIvzcbQXsIacLDuxFBZudoDF27DaIreMHFpWEUrqHO9HPEp0xP71BTbEtZodFIxIQWUWOHXLSQZP25Yp1fPAanISiYi/L7g+3S+RrwOkqy6xZbTGy0cYZoCUa9Nm3f8e5x4RsLMRFlnIoosOGLUO3AGwYGyEYlAShtbSB6cwG9J0OEMBZfUJxQWugYeTZB3O8RF3cHMp7NEcTDJyqU+E13Yx9L02BSbkjfWFk4zQjhbhaw+8lzG+5cYCpUW0JWs1nm1caQKld1RhUzsLCqfurY6pSfaoq6FahSiyP1R1Z5qw+1ciHw= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BN9PR11MB5483.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(346002)(136003)(376002)(39860400002)(366004)(396003)(451199021)(966005)(52536014)(86362001)(33656002)(316002)(64756008)(54906003)(478600001)(66556008)(76116006)(110136005)(4326008)(66476007)(66946007)(66446008)(8936002)(71200400001)(7696005)(8676002)(5660300002)(2906002)(38070700005)(55016003)(41300700001)(122000001)(82960400001)(38100700002)(6506007)(53546011)(9686003)(26005)(83380400001)(186003);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?UjeB+QywmQcqRXDO7Zi59JYePc6V26dv3TeWXy2GVLpvK5EtLqUnPRlX9Ojf?= =?us-ascii?Q?dZrydguYrzblb6CczgyixIacTj7V6wExBbxklwZ0AIRLq8o631LNwBvT35tu?= =?us-ascii?Q?80O0s6CnfN+c+1De9j26LSiI/75iO4wK3Xn/ktPgSn8WzCTHFQuc8v89HJh/?= =?us-ascii?Q?3eSdfQ8WMlP7qQx/1/sc/ul/AvoylD+9caqaNaEbp9Uwc3GcB9jrPmYkHBJ0?= =?us-ascii?Q?xDYCjbquaiQCMajF2mJZ6a8/PNjAGxy1ExmWDpzsM7QRB8fBm0DbakKY17Q2?= =?us-ascii?Q?Gt6wf1CaUUM512WcqFcD+Jf73MbQ+ToV9yu5q9R81Jem60TsFJIm2Z499nAv?= =?us-ascii?Q?91qDmVT8oN0zcG75VKVFybBmGD6MNznxxcvS33lMhymRpqXDHbastFoQFB2Q?= =?us-ascii?Q?W4YIyHz0Yz62OvA0mFbDraJCCUxKPYOj9oCTS0QQz63WS8GiTcYdJ7auTfoK?= =?us-ascii?Q?KhkSXlIGrJA57wNKFx5T86kE1durQhvtFMfupmrlwZbK/rSYVLxsnbhyjm4m?= =?us-ascii?Q?NYQg5TfOEK3FwW+U/XP1Tlv6qBmufRED9bDlOp+J6ZcKmtNub/XSaJ614tWo?= =?us-ascii?Q?HpIF28SeuJwn6qyoLNgw3et/gfZEk5lavIqHolZf8NX8DIgH/Ge0QqJf7q5W?= =?us-ascii?Q?MYasbAj35MsZhQCX6/iNGG5qov7yuhIWKMNCmAwkf9bQXhbTgQYfwn1qGLGy?= =?us-ascii?Q?fTXLvFva1Aij+xAwGi6RlyyBNmSp/S5FJNwCjLgm8ngENoE1NAZA65sXROcW?= =?us-ascii?Q?AYvOFM+KoEqQuZyScvNfbmIxFw5d1de0gjzDS8FYhfGlhc96/NKyGwRJQOjV?= =?us-ascii?Q?aCQd5m4Y+GMdq5sr27HvpFN5qV79/uTqqeAhrOoFCXEuXZD2iIuYrf2OeU3O?= =?us-ascii?Q?Wsp8bYP8scOnvVOBets3f25aurO6v66jlqV0aj/VBgBlT+oeedRVlPJml1Go?= =?us-ascii?Q?hgl5wpIVlnDla47jxNzO/01D63eSu5oVBcd5wFfEE20yPXWfjTewamhGmJTq?= =?us-ascii?Q?Tlu7xWHsBxwvE2b+xsvjKSRrONdp00gxZ6PKxBpQidjL9moW4xpRxTjc6zXX?= =?us-ascii?Q?9gTWb1iFKYkl4uAF0+MVDbUHtlAN5MqXDYY6Bv1GWR5xgyK3j6HDwjbLcfpI?= =?us-ascii?Q?heksWYwn5FOJlz9fRMOqlD+b1oHV/8FNcQkoVfEjmnBPo9crzc9S852dTYLA?= =?us-ascii?Q?2PcGiiprkNCA5+ICt9/Yt8jScDwDn8FJInVsUIBNRoY0boX9R457KZEv05vm?= =?us-ascii?Q?ntdarogIG9Z9q0PunJVzKHhdRWMUwYeJrnvdvH3MERHmM16HEXLSsausBpXk?= =?us-ascii?Q?xR4gnMP+aUOhvzuboLui8mr5Bnb4YspJASWi497f6cfxK9URwnPH0V1zZaHF?= =?us-ascii?Q?mjMJtKfAxxQlszuZ/cQ4W4eRPtJWl39cVKLWAFGaoSfzyr6X6FwU/rNkky/5?= =?us-ascii?Q?auW8YEGFlTNuV5lGL2fgDdlof3eXAu94G07GhVMfHq4FwfR/aCgX+MC6xdAS?= =?us-ascii?Q?D5jBD9UjgQZafZ03X8Q/s/rLNmIuzgrIpqN9vqblcB2f6TUWOeWlIyEdy9Ky?= =?us-ascii?Q?YSLbbI0ZVTbJcYlnlMbRPPAeRyo96ACnXRkiRTAd?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: BN9PR11MB5483.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: dd28f50d-64e9-414b-87e0-08db57d9df81 X-MS-Exchange-CrossTenant-originalarrivaltime: 18 May 2023 19:55:47.2055 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: fLv4tSUjQMiXXLp+ZlHJg6Ka7kTgIH2Hwf7Y4U5Dg1rtZx/FJrxIdAJev86wb7qh5lzd6iMsN0uaDq8PaMq5Ow== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR11MB4612 Return-Path: chasel.chiu@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable This fix looks good to me! Thanks Ranbir! Reviewed-by: Chasel Chiu > -----Original Message----- > From: Ranbir Singh > Sent: Wednesday, May 17, 2023 11:29 PM > To: devel@edk2.groups.io > Cc: Chiu, Chasel ; Desimone, Nathaniel L > ; Zeng, Star ; Ranbi= r > Singh > Subject: [PATCH 1/1] IntelFsp2Pkg/Library/BaseFspCommonLib: Fix OVERRUN > Coverity issue >=20 > FspData->PerfIdx is getting increased for every call unconditionally > in the function SetFspMeasurePoint and hence memory access can happen for > out of bound FspData->PerfData[] array entries also. >=20 > Example - > FspData->PerfData is an array of 32 UINT64 entries. Assume a call > is made to SetFspMeasurePoint function when the FspData->PerfIdx > last value is 31. It gets incremented to 32 at line 400. > Any subsequent call to SetFspMeasurePoint functions leads to > FspData->PerfData[32] getting accessed which is out of the PerfData > array as well as the FSP_GLOBAL_DATA structure boundary. >=20 > Hence keep array access and index increment inside if block only and retu= rn > invalid performance timestamp when PerfIdx is invalid. >=20 > Cc: Chasel Chiu > Cc: Nate DeSimone > Cc: Star Zeng > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4200 > Signed-off-by: Ranbir Singh > Signed-off-by: Ranbir Singh > --- > IntelFsp2Pkg/Library/BaseFspCommonLib/FspCommonLib.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) >=20 > diff --git a/IntelFsp2Pkg/Library/BaseFspCommonLib/FspCommonLib.c > b/IntelFsp2Pkg/Library/BaseFspCommonLib/FspCommonLib.c > index a22b0e7825ad..cda2a7b2478e 100644 > --- a/IntelFsp2Pkg/Library/BaseFspCommonLib/FspCommonLib.c > +++ b/IntelFsp2Pkg/Library/BaseFspCommonLib/FspCommonLib.c > @@ -377,7 +377,8 @@ GetFspSiliconInitUpdDataPointer ( > @param[in] Id Measurement point ID. - @return performance > timestamp.+ @return performance timestamp if current PerfIdx is valid,+ > else return 0 as invalid performance timestamp **/ UINT64 EFIAPI@@ -395,9 > +396,10 @@ SetFspMeasurePoint ( > if (FspData->PerfIdx < sizeof (FspData->PerfData) / sizeof (FspData- > >PerfData[0])) { FspData->PerfData[FspData->PerfIdx] = =3D > AsmReadTsc (); ((UINT8 *)(&FspData->PerfData[FspData->PerfIdx]))[7] = =3D Id;+ > return FspData->PerfData[(FspData->PerfIdx)++]; } - return FspData- > >PerfData[(FspData->PerfIdx)++];+ return (UINT64)0x0000000000000000; } > /**-- > 2.34.1