cpu/x86/smm: Add overflow check

Rather bail out than run into undefined behavior. Original-Change-Id: Ife26a0abed0ce6bcafe1e7cd8f499618631c4df4 Original-Signed-off-by: Nico Huber <nico.h@gmx.de> Original-Reviewed-on: https://review.coreboot.org/c/coreboot/+/38763 Original-Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Original-Reviewed-by: Patrick Rudolph <siro@das-labor.org> Original-Reviewed-by: Angel Pons <th3fanbus@gmail.com> Original-Reviewed-by: <cedarhouse1@comcast.net> (cherry picked from commit 6d5f007813) Signed-off-by: Marc Jones <marcjones@sysproconsulting.com> Change-Id: I28e10d8836ab80c6fec9d3414c795c5e6ff312e8 Reviewed-on: https://review.coreboot.org/c/coreboot/+/50311 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Stefan Reinauer <stefan.reinauer@coreboot.org> Reviewed-by: Jay Talbott <JayTalbott@sysproconsulting.com>
2020-02-07 17:11:40 +01:00 · 2020-02-07 17:11:40 +01:00 · b450c8d2cb
parent fc8a6fa93a
commit b450c8d2cb
1 changed files with 2 additions and 0 deletions
--- a/src/cpu/x86/smm/smm_module_loader.c
+++ b/src/cpu/x86/smm/smm_module_loader.c
@ -203,6 +203,8 @@ static int smm_module_setup_stub(void *smbase, size_t smm_size,
 	/* Adjust remaining size to account for save state. */
 	total_save_state_size = params->per_cpu_save_state_size *
 				params->num_concurrent_save_states;
+	if (total_save_state_size > size)
+		return -1;
 	size -= total_save_state_size;

 	/* The save state size encroached over the first SMM entry point. */